Laptop infected by QQPCMgr virus
Hello guys, I’m a Chinese student seeking your help with a QQPCMgr virus problem.
Recently, my IE browser has been hijacked by Hao123: the home page is redirected to https://www.hao123.com/?tn=93451208_hao_pg , a Chinese navigation website. Once I connect to the Internet, my laptop automatically downloads QQPCMgr (Chinese name “腾讯电脑管家”), a piece of software created by the Tencent company. The software then installs silently without any prompt, and it starts up every time I log on to my laptop.
The uninstall process is extremely hard. Every time I ran the uninstaller, it was removed only for the time being. However, the IE home page remained hijacked, and the next time I opened the computer, it downloaded and installed QQPCMgr again.
I tried the following ways, all to no avail:
(1) remove the registry items relating to “tencent”, “QQPC” and “hao123”, including deleting the IE start page item changed by hao123
(2) use “Everything” to search for the relevant files and delete them (tried in both normal and safe mode)
(3) scan the files with AdwCleaner and have the Tencent files quarantined; see the attached picture
(4) put the “Tencent” certificate into the untrusted items
(5) format the system C drive (restore my system to factory settings through the HP Recovery Manager) and the data D drive, except for the recovery drive E
Yesterday I installed 360 Safeguard (AKA “360安全卫士”), another antivirus from China. 360 can forcibly change the IE home page to a blank page, and it seemed the automatic download and installation had stopped. But as soon as I uninstalled 360 Safeguard earlier today, the infection symptoms came back. Unwillingly, I have to reinstall 360 for now T^T
Sorry for my lengthy statement; I wish you all the best.
I searched the forum; similar problems were listed as follows:
b. http://www.geekstogo.com/forum/topic/361138-unwanted-malware-programmas-tencent/
The log files
1.FRST(scanned with 360)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2016
Ran by xiao (administrator) on FOOLISH (04-10-2016 17:45:00)
Running from C:\Users\xiao\Desktop
Loaded Profiles: xiao (Available Profiles: xiao)
Platform: Windows 8.1 China (Update) (X64) Language: 中文(简体,中国)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() D:\3.下载\Free Download Manager\winwfpmonitor.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Sogou.com Inc.) C:\Windows\SysWOW64\IME\SogouPY\SogouImeBroker.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Sogou.com Inc.) C:\Windows\SysWOW64\IME\SogouPY\SogouImeLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() D:\1.杀毒\Everything.exe
() C:\Users\xiao\AppData\Local\Temp\Everything\Everything.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(360.cn) C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
(Sogou.com Inc.) D:\2.文档\SogouInput\6.8.0.0856\SogouCloud.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-10] (NVIDIA Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [704344 2015-02-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-09-02] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [445312 2016-08-19] (SHADOWDEFENDER.COM)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [507144 2014-09-02] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [360Safetray] => C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe [395688 2016-10-04] (360.cn)
ShellIconOverlayIdentifiers: [ 360UDiskGuard Icon Overlay] -> {CC00F81D-5262-450A-B1FA-D6BEE3406263} => C:\Program Files (x86)\360\360Safe\safemon\360UDiskGuard64.dll [2016-10-04] (360.cn)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.64.0.10 10.64.101.101
Tcpip\..\Interfaces\{D81BC7C5-435A-4EA2-90C9-162CE92FD9E8}: [DhcpNameServer] 10.64.0.10 10.64.101.101
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-733134077-707159484-3497039572-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=CPNTDFJS
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://cn.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=CPNTDFJS
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2016-10-03] (IObit)
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon64.dll [2016-10-04] (360.cn)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\360Safe\safemon\safemon.dll [2016-10-04] (360.cn)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
FireFox:
========
FF Plugin-x32: @360.cn/npaxlogin -> C:\Program Files (x86)\360\360Safe\Utils\npaxlogin.dll [2016-10-04] (360.cn)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2014-07-12] (Alps Electric Co., Ltd.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [File not signed]
S3 CooCareServiceStarsoftcommeservices; C:\Program Files (x86)\StarSoftComm\CooCare4\eServices\BIN\CooCareService.exe [119144 2014-12-11] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [93184 2014-08-01] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [509192 2014-09-02] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-26] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-09-03] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2153792 2016-10-03] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-10] (NVIDIA Corporation)
S3 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-19] (Realtek Semiconductor)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [517120 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-12-11] (Microsoft Corporation)
S2 WinAppMgmt; C:\ProgramData\WinAppMgmt\WinAppMgmt.exe [692128 2014-09-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-12-11] (Microsoft Corporation)
R2 ZhuDongFangYu; C:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe [237168 2016-10-04] (360.cn)
S2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [129744 2016-08-19] (SHADOWDEFENDER.COM)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-10-04] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [321616 2016-10-04] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2016-10-04] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [405224 2016-10-04] (360.cn)
S4 360Hvm; C:\Windows\System32\Drivers\360Hvm64.sys [255208 2016-10-04] (360安全中心)
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [90112 2016-10-04] (360.cn)
R1 360qpesv; C:\Windows\System32\DRIVERS\360qpesv64.sys [249064 2016-09-19] (360.cn)
R1 360reskit64; C:\Windows\system32\drivers\360reskit64.sys [68176 2016-10-04] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2016-10-04] (360.cn)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [452336 2016-08-19] (SHADOWDEFENDER.COM)
U0 DsArk; C:\Windows\System32\drivers\DsArk64.sys [165456 2016-10-04] (360.cn)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 Ggmon; C:\Windows\System32\DRIVERS\Ggmon.sys [514560 2016-09-09] (360.cn)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [126976 2014-09-03] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38048 2014-09-05] (NVIDIA Corporation)
R1 ppfsflt; C:\Windows\System32\DRIVERS\ppfsflt.sys [30952 2014-12-11] (StarSoftComm)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-08-20] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [580824 2014-09-10] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3593432 2014-10-08] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2014-12-11] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [257880 2014-12-11] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-12-11] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-04 17:45 - 2016-10-04 17:45 - 00015503 _____ C:\Users\xiao\Desktop\FRST.txt
2016-10-04 17:44 - 2016-10-04 16:36 - 02404864 _____ (Farbar) C:\Users\xiao\Desktop\FRST64.exe
2016-10-04 16:35 - 2016-10-04 16:36 - 02404864 _____ (Farbar) C:\Users\xiao\Downloads\FRST64.exe
2016-10-04 15:57 - 2016-10-04 17:45 - 00000000 ____D C:\FRST
2016-10-04 15:51 - 2016-10-04 15:51 - 00007507 _____ C:\Users\xiao\Downloads\Fixlist.txt
2016-10-04 15:12 - 2016-10-04 15:12 - 06702331 _____ C:\Users\xiao\Downloads\PCHunter.zip
2016-10-04 15:07 - 2016-10-04 15:07 - 01164418 _____ C:\Users\xiao\Downloads\反锁IE主页.rar
2016-10-04 14:52 - 2016-09-19 18:57 - 00249064 _____ (360.cn) C:\Windows\system32\Drivers\360qpesv64.sys
2016-10-04 14:51 - 2016-10-04 14:46 - 00165456 _____ (360.cn) C:\Windows\system32\Drivers\DsArk64.sys
2016-10-04 14:49 - 2016-10-04 14:49 - 00000000 ____D C:\Windows\System32\Tasks\360SuperKiller
2016-10-04 14:47 - 2016-10-04 14:58 - 00000000 ____D C:\Users\xiao\AppData\LocalLow\360WD
2016-10-04 14:47 - 2016-10-04 14:49 - 00188864 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
2016-10-04 14:47 - 2016-10-04 14:47 - 00321616 _____ (360.cn) C:\Windows\system32\Drivers\360Box64.sys
2016-10-04 14:47 - 2016-10-04 14:47 - 00255208 _____ (360安全中心) C:\Windows\system32\Drivers\360Hvm64.sys
2016-10-04 14:47 - 2016-10-04 14:47 - 00151784 _____ (360.cn) C:\Windows\system32\Drivers\360AntiHacker64.sys
2016-10-04 14:47 - 2016-10-04 14:47 - 00040520 _____ (360.cn) C:\Windows\system32\Drivers\360Camera64.sys
2016-10-04 14:47 - 2016-10-04 14:47 - 00001104 _____ C:\Users\xiao\Desktop\360安全卫士.lnk
2016-10-04 14:47 - 2016-10-04 14:47 - 00000001 _____ C:\Windows\system32\Drivers\360Hvm64.dat
2016-10-04 14:47 - 2016-10-04 14:47 - 00000000 _RSHD C:\360SANDBOX
2016-10-04 14:47 - 2016-10-04 14:47 - 00000000 ____D C:\Users\xiao\AppData\Roaming\360mobilemgr
2016-10-04 14:47 - 2016-10-04 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
2016-10-04 14:47 - 2016-10-04 14:47 - 00000000 ____D C:\ProgramData\360safe
2016-10-04 14:47 - 2016-10-04 14:46 - 00405224 _____ (360.cn) C:\Windows\system32\Drivers\360FsFlt.sys
2016-10-04 14:47 - 2016-10-04 14:46 - 00180336 _____ (360.cn) C:\Windows\SysWOW64\360SoftMgr.cpl
2016-10-04 14:47 - 2016-10-04 14:46 - 00068176 _____ (360.cn) C:\Windows\system32\Drivers\360reskit64.sys
2016-10-04 14:47 - 2016-10-04 14:46 - 00060416 _____ (360.cn) C:\Windows\system32\Drivers\360LanProtect.sys
2016-10-04 14:46 - 2016-10-04 15:58 - 00000000 ____D C:\Users\xiao\AppData\Roaming\360Safe
2016-10-04 14:41 - 2016-10-03 14:57 - 65649056 _____ C:\Users\xiao\Desktop\360安全卫士.exe
2016-10-04 14:37 - 2016-10-04 14:37 - 00000000 ____D C:\Program Files\Common Files\Tencent
2016-10-04 14:36 - 2016-10-04 14:36 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-10-04 14:35 - 2016-10-04 14:41 - 00000000 ____D C:\ProgramData\Tencent
2016-10-04 14:19 - 2016-10-04 14:19 - 02850466 _____ C:\Users\xiao\Downloads\KMSpico v10.2.0 Portable.7z
2016-10-04 14:19 - 2016-10-04 14:19 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2016-10-04 14:19 - 2016-10-04 14:19 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2016-10-04 14:19 - 2016-10-04 14:19 - 00000000 ____D C:\Users\xiao\Downloads\KMSpico Portable
2016-10-04 13:49 - 2016-10-04 14:47 - 00090112 _____ (360.cn) C:\Windows\system32\Drivers\360netmon.sys
2016-10-04 13:49 - 2016-10-04 13:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-04 13:49 - 2011-04-02 13:48 - 00056920 _____ (360.cn) C:\Windows\system32\Drivers\360netmon.old
2016-10-04 13:48 - 2016-10-04 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-04 13:48 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-04 13:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-04 13:48 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-04 13:10 - 2016-10-04 13:10 - 00000000 ____D C:\{0D9DB60E-B0EA-4d53-A392-A5D274956846}
2016-10-04 12:12 - 2016-10-04 12:12 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Shadow Defender
2016-10-04 12:10 - 2016-10-04 12:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-04 12:05 - 2016-10-04 12:05 - 00000000 ____D C:\Users\xiao\AppData\Roaming\CleanAndroid
2016-10-04 12:05 - 2016-10-04 12:05 - 00000000 ____D C:\ProgramData\CleanAndroid
2016-10-04 11:51 - 2016-10-04 12:04 - 00005020 _____ C:\Windows\diskpt.dat
2016-10-04 11:51 - 2016-10-04 11:51 - 00000000 _____ C:\Windows\diskptex.dat
2016-10-04 11:50 - 2016-10-04 11:50 - 00001033 _____ C:\Users\Public\Desktop\Shadow Defender.lnk
2016-10-04 11:50 - 2016-10-04 11:50 - 00000064 _____ C:\Windows\diskpt.crt
2016-10-04 11:50 - 2016-10-04 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadow Defender
2016-10-04 11:50 - 2016-10-04 11:50 - 00000000 ____D C:\Program Files\Shadow Defender
2016-10-04 11:50 - 2016-08-19 21:11 - 00452336 _____ (SHADOWDEFENDER.COM) C:\Windows\system32\Drivers\diskpt.sys
2016-10-04 11:16 - 2016-10-04 11:17 - 00000000 ____D C:\Users\xiao\Downloads\Shadow Defender
2016-10-04 00:09 - 2016-10-04 00:09 - 00000000 ____D C:\Users\xiao\AppData\LocalLow\Thunder Network
2016-10-03 23:52 - 2016-10-03 23:52 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Locktime
2016-10-03 23:33 - 2016-10-03 23:33 - 00000000 ____D C:\Users\xiao\AppData\Roaming\LockHunter
2016-10-03 23:31 - 2016-10-04 11:42 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Locktime Software
2016-10-03 23:31 - 2016-10-04 11:21 - 00000000 ____D C:\ProgramData\Locktime
2016-10-03 23:31 - 2016-10-04 00:01 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-10-03 22:44 - 2016-10-03 22:45 - 02313709 _____ C:\Users\xiao\Downloads\360流量监控.rar
2016-10-03 22:21 - 2016-10-03 22:21 - 00000000 ____D C:\Users\xiao\AppData\Roaming\BaiduYunKernel
2016-10-03 22:21 - 2016-10-03 22:21 - 00000000 ____D C:\Users\xiao\AppData\Roaming\BaiduYunGuanjia
2016-10-03 22:11 - 2016-10-03 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法
2016-10-03 22:03 - 2016-10-04 17:44 - 00000000 ____D C:\Users\xiao\AppData\LocalLow\SogouPY
2016-10-03 22:03 - 2016-10-03 22:03 - 00000000 ____D C:\Users\xiao\AppData\LocalLow\SogouPY.users
2016-10-03 21:58 - 2016-10-03 21:58 - 00000206 __RSH C:\ProgramData\ntuser.pol
2016-10-03 21:47 - 2016-10-03 21:47 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Macromedia
2016-10-03 21:40 - 2016-10-03 21:42 - 00000000 ____D C:\Users\xiao\Documents\WORLD
2016-10-03 19:12 - 2016-10-03 19:14 - 44877744 _____ C:\Users\xiao\Downloads\360国际版.exe
2016-10-03 18:45 - 2016-10-03 18:45 - 00000889 _____ C:\Users\xiao\Desktop\RegWorkshopX64.lnk
2016-10-03 18:38 - 2016-10-04 17:38 - 00000000 ____D C:\Users\xiao\AppData\Local\shadowsocks-gui
2016-10-03 18:38 - 2016-10-03 18:38 - 01132938 _____ C:\Users\xiao\Downloads\RegistryWorkshop_chs.exe
2016-10-03 18:30 - 2016-10-03 10:38 - 02626201 _____ C:\Users\xiao\Downloads\geek.zip
2016-10-03 18:27 - 2016-10-03 18:27 - 00000768 _____ C:\Users\xiao\Desktop\PowerPnt2016.lnk
2016-10-03 18:27 - 2016-10-03 18:27 - 00000763 _____ C:\Users\xiao\Desktop\Word 2016.lnk
2016-10-03 18:27 - 2016-10-03 18:27 - 00000755 _____ C:\Users\xiao\Desktop\Excel 2016.lnk
2016-10-03 18:27 - 2015-10-30 08:25 - 00026312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20CHS.DLL
2016-10-03 18:27 - 2015-10-30 08:21 - 01281192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2016-10-03 18:27 - 2015-10-29 16:34 - 00052840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEN2232.OLB
2016-10-03 18:27 - 2015-07-18 21:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-10-03 18:27 - 2015-07-18 21:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-10-03 18:27 - 2015-06-26 13:34 - 00439608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-10-03 18:27 - 2015-06-26 13:34 - 00085328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-10-03 18:19 - 2016-10-03 18:19 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Foxit Software
2016-10-03 18:14 - 2016-10-03 10:23 - 22851472 _____ (Malwarebytes ) C:\Users\xiao\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-03 18:06 - 2016-10-04 00:24 - 00000000 ____D C:\Users\Public\Thunder Network
2016-10-03 18:06 - 2016-10-04 00:09 - 00000000 ____D C:\ProgramData\Thunder Network
2016-10-03 18:06 - 2016-10-03 18:06 - 00000756 _____ C:\Users\xiao\Desktop\迅雷.lnk
2016-10-03 18:04 - 2016-10-03 18:04 - 00000893 _____ C:\Users\xiao\Desktop\ADWclean.lnk
2016-10-03 17:56 - 2016-10-03 17:56 - 00000845 _____ C:\Users\xiao\Desktop\Everything.lnk
2016-10-03 17:51 - 2016-10-03 17:51 - 00000905 _____ C:\Users\xiao\Desktop\FastStone.lnk
2016-10-03 17:50 - 2016-10-03 17:50 - 00000669 _____ C:\Users\xiao\Desktop\舒克.lnk
2016-10-03 17:50 - 2016-10-03 17:50 - 00000000 ____D C:\Users\xiao\AppData\Roaming\ShokDown
2016-10-03 17:46 - 2016-10-04 11:49 - 00000000 ____D C:\Users\xiao\Downloads\hoarding
2016-10-03 17:44 - 2016-10-03 17:44 - 00001013 _____ C:\Users\xiao\Desktop\干净云.lnk
2016-10-03 17:43 - 2016-10-03 17:43 - 00000919 _____ C:\Users\xiao\Desktop\快速合并.lnk
2016-10-03 17:42 - 2016-10-03 17:42 - 00000000 ____D C:\Users\xiao\AppData\Roaming\flvcd
2016-10-03 17:40 - 2016-10-03 17:40 - 00000000 ____D C:\Users\xiao\AppData\Local\CEF
2016-10-03 17:39 - 2016-10-03 18:20 - 00000000 ____D C:\Users\xiao\AppData\Local\Free Download Manager
2016-10-03 17:39 - 2016-10-03 17:39 - 00002680 _____ C:\Windows\System32\Tasks\FreeDownloadManagerNetworkMonitor
2016-10-03 17:39 - 2016-10-03 17:39 - 00000711 _____ C:\Users\Public\Desktop\FDM5.lnk
2016-10-03 17:39 - 2016-10-03 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2016-10-03 17:37 - 2016-10-03 17:37 - 00000912 _____ C:\Users\xiao\Desktop\Win8管家.lnk
2016-10-03 17:34 - 2016-10-03 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2016-10-03 17:32 - 2016-10-03 17:32 - 00000000 ____D C:\Users\xiao\Downloads\新SS
2016-10-03 17:26 - 2016-10-03 17:26 - 00000331 _____ C:\Users\xiao\Desktop\控制面板.lnk
2016-10-03 15:59 - 2016-10-03 15:59 - 00000392 _____ C:\Users\xiao\Desktop\这台电脑.lnk
2016-10-03 15:55 - 2016-10-04 14:52 - 00000000 __SHD C:\Users\xiao\AppData\Roaming\360Quarant
2016-10-03 15:55 - 2016-10-04 14:52 - 00000000 __SHD C:\$360Section
2016-10-03 15:34 - 2016-10-03 15:34 - 00198568 _____ C:\Windows\SysWOW64\360FixOpHelper.exe
2016-10-03 15:07 - 2016-10-04 14:49 - 00000000 ____D C:\Users\xiao\AppData\Roaming\360SuperKiller
2016-10-03 15:07 - 2016-09-09 16:35 - 00514560 _____ (360.cn) C:\Windows\system32\Drivers\Ggmon.sys
2016-10-03 15:07 - 2016-09-09 16:35 - 00514560 _____ (360.cn) C:\Windows\checkbin.bin
2016-10-03 15:06 - 2016-10-03 15:06 - 00000000 ____D C:\ProgramData\OEM Links
2016-10-03 14:58 - 2016-10-03 14:59 - 00000000 ____D C:\Users\xiao\.android
2016-10-03 14:58 - 2016-10-03 14:58 - 00000000 ____D C:\Users\xiao\AppData\Roaming\360Login
2016-10-03 14:52 - 2016-10-03 14:52 - 00000998 _____ C:\Users\Public\Desktop\Clover.lnk
2016-10-03 14:52 - 2016-10-03 14:52 - 00000000 ____D C:\Users\xiao\AppData\Local\Clover
2016-10-03 14:52 - 2016-10-03 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clover
2016-10-03 14:52 - 2016-10-03 14:52 - 00000000 ____D C:\Program Files (x86)\Clover
2016-10-03 14:50 - 2016-10-03 14:50 - 00000000 ____D C:\Users\xiao\AppData\Roaming\WinRAR
2016-10-03 14:50 - 2016-10-03 14:50 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-03 14:50 - 2016-10-03 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-03 14:49 - 2016-10-03 14:49 - 00000872 _____ C:\Users\xiao\Desktop\MyChrome - 快捷方式.lnk
2016-10-03 14:47 - 2016-10-03 14:47 - 00002770 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-10-03 14:47 - 2016-10-03 14:47 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-03 14:47 - 2016-10-03 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-10-03 14:47 - 2016-10-03 14:47 - 00000000 ____D C:\Program Files\CCleaner
2016-10-03 14:44 - 2016-10-04 14:46 - 00000000 ____D C:\Program Files (x86)\360
2016-10-03 14:44 - 2016-09-28 14:52 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2016-10-03 14:42 - 2016-10-03 22:13 - 00000292 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job
2016-10-03 14:42 - 2016-10-03 21:56 - 00002392 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2016-10-03 14:42 - 2016-10-03 14:44 - 00000000 ____D C:\ProgramData\IObit
2016-10-03 14:42 - 2016-10-03 14:42 - 00001275 _____ C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2016-10-03 14:42 - 2016-10-03 14:42 - 00001251 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-10-03 14:42 - 2016-10-03 14:42 - 00000000 ____D C:\Users\xiao\AppData\Roaming\IObit
2016-10-03 14:42 - 2016-10-03 14:42 - 00000000 ____D C:\ProgramData\ProductData
2016-10-03 14:42 - 2016-10-03 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-10-03 14:42 - 2016-10-03 14:42 - 00000000 ____D C:\Program Files (x86)\IObit
2016-10-03 14:22 - 2016-10-03 14:22 - 00000000 __SHD C:\Users\xiao\AppData\LocalLow\EmieUserList
2016-10-03 13:47 - 2016-10-03 13:47 - 00004020 _____ C:\Windows\System32\Tasks\HPGenoobeReminder
2016-10-03 13:20 - 2016-10-03 13:20 - 00000000 ____D C:\Users\Public\CyberLink
2016-10-03 13:15 - 2016-10-03 13:15 - 00000000 ____D C:\Users\xiao\AppData\Roaming\hpqlog
2016-10-03 13:15 - 2016-10-03 13:15 - 00000000 ____D C:\Users\xiao\AppData\Local\Hewlett-Packard
2016-10-03 13:07 - 2016-10-04 14:44 - 00000000 ____D C:\AdwCleaner
2016-10-03 13:07 - 2016-10-03 13:07 - 00000000 ____D C:\Users\xiao\AppData\Roaming\baiduyun
2016-10-03 13:04 - 2016-10-03 18:14 - 00000000 ____D C:\Users\xiao\Desktop\杀毒
2016-10-03 13:02 - 2016-10-03 13:02 - 00000000 __SHD C:\Users\xiao\AppData\Local\EmieUserList
2016-10-03 13:02 - 2016-10-03 13:02 - 00000000 __SHD C:\Users\xiao\AppData\Local\EmieSiteList
2016-10-03 13:01 - 2016-10-03 14:22 - 00000000 __SHD C:\Users\xiao\AppData\LocalLow\EmieSiteList
2016-10-03 13:00 - 2016-10-04 14:50 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-733134077-707159484-3497039572-1001
2016-10-03 12:58 - 2016-10-03 16:07 - 00000000 ____D C:\Users\xiao\Documents\Youcam
2016-10-03 12:58 - 2016-10-03 13:47 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Hewlett-Packard
2016-10-03 12:58 - 2016-10-03 12:58 - 00000000 ____D C:\Users\xiao\AppData\Local\CyberLink
2016-10-03 12:54 - 2016-10-04 13:51 - 00000000 ____D C:\Users\xiao
2016-10-03 12:54 - 2016-10-04 00:46 - 00000000 ____D C:\Users\xiao\AppData\Local\Packages
2016-10-03 12:54 - 2016-10-03 13:04 - 00000000 __SHD C:\Users\xiao\IntelGraphicsProfiles
2016-10-03 12:54 - 2016-10-03 12:56 - 00000000 ____D C:\Users\xiao\AppData\Local\VirtualStore
2016-10-03 12:54 - 2016-10-03 12:55 - 00000000 ____D C:\Users\xiao\AppData\Local\NVIDIA Corporation
2016-10-03 12:54 - 2016-10-03 12:54 - 00001373 _____ C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-03 12:54 - 2016-10-03 12:54 - 00000182 _____ C:\Windows\insFileSpec
2016-10-03 12:54 - 2016-10-03 12:54 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-03 12:54 - 2016-10-03 12:54 - 00000020 ___SH C:\Users\xiao\ntuser.ini
2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\My Documents
2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\Documents\My Videos
2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\Documents\My Pictures
2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\Documents\My Music
2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 _SHDL C:\Users\xiao\「开始」菜单
2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 ____D C:\Users\xiao\AppData\Roaming\Adobe
2016-10-03 12:54 - 2016-10-03 12:54 - 00000000 ____D C:\Users\xiao\AppData\Local\NVIDIA
2016-10-03 12:54 - 2014-12-11 00:19 - 00000000 ___HD C:\Users\xiao\Documents\hp.system.package.metadata
2016-10-03 12:54 - 2014-12-11 00:19 - 00000000 ___HD C:\Users\xiao\Documents\hp.applications.package.appdata
2016-10-03 12:54 - 2014-03-18 17:52 - 00000369 _____ C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2016-10-03 12:54 - 2014-03-18 17:52 - 00000369 _____ C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2016-10-03 12:50 - 2016-10-03 12:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\Users\Default\「开始」菜单
2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\程序
2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\ProgramData\桌面
2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\程序
2016-10-03 12:48 - 2016-10-03 12:48 - 00000000 _SHDL C:\ProgramData\「开始」菜单
2016-10-03 12:44 - 2016-10-03 12:44 - 00002384 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-733134077-707159484-3497039572-500
2016-10-03 12:40 - 2015-05-18 21:20 - 00003361 _____ C:\OA3.Trace.xml
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-04 15:14 - 2016-04-10 23:34 - 00000000 ____D C:\Users\xiao\Downloads\PCHunter_free
2016-10-04 14:51 - 2014-03-18 17:50 - 01605104 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-04 14:51 - 2014-03-18 17:21 - 00479676 _____ C:\Windows\system32\prfh0804.dat
2016-10-04 14:51 - 2014-03-18 17:21 - 00162152 _____ C:\Windows\system32\prfc0804.dat
2016-10-04 14:51 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-10-04 14:45 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-04 00:46 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2016-10-03 23:17 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-10-03 22:30 - 2014-12-11 00:31 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-10-03 22:03 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-10-03 22:03 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\IME
2016-10-03 22:02 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2016-10-03 21:56 - 2015-05-18 19:21 - 00003814 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-10-03 21:56 - 2015-05-18 19:21 - 00003572 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2016-10-03 21:53 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-10-03 19:22 - 2013-08-22 22:44 - 00362600 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-03 18:19 - 2014-12-11 00:30 - 00000000 ____D C:\Users\Public\Foxit Software
2016-10-03 16:11 - 2015-05-18 19:38 - 00003156 _____ C:\Windows\System32\Tasks\YCMServiceAgent
2016-10-03 15:34 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-10-03 15:06 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Resources
2016-10-03 15:02 - 2015-05-18 19:41 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-10-03 15:01 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-10-03 15:00 - 2015-05-18 19:41 - 00000000 ____D C:\Program Files\mcafee
2016-10-03 14:48 - 2014-04-03 09:26 - 00000000 ____D C:\Windows\Panther
2016-10-03 14:31 - 2014-12-11 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-10-03 14:23 - 2015-05-18 19:26 - 00000000 ____D C:\Program Files\Apoint2K
2016-10-03 13:11 - 2014-12-11 00:29 - 00000000 ____D C:\Users\Public\baidu
2016-10-03 13:02 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-10-03 12:59 - 2015-05-18 19:20 - 00000000 ____D C:\ProgramData\Intel
2016-10-03 12:57 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-03 12:54 - 2015-05-18 19:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-10-03 12:54 - 2014-04-05 07:46 - 00000000 ___HD C:\SYSTEM.SAV
2016-10-03 12:53 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-10-03 12:49 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache
2016-10-03 12:48 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows NT
2016-10-03 12:40 - 2013-08-22 23:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
Some files in TEMP:
====================
C:\Users\xiao\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_360tray.exe
C:\Users\xiao\AppData\Local\Temp\1f0fb7c2d13cc0c07ff2ca40747bc03e_SystemCompact.exe
C:\Users\xiao\AppData\Local\Temp\libeay32.dll
C:\Users\xiao\AppData\Local\Temp\msvcr120.dll
C:\Users\xiao\AppData\Local\Temp\sogou_pinyin_8.0.0.8381_unre.exe
C:\Users\xiao\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-04-02 17:28
==================== End of FRST.txt ============================
2. Additional (scanned with 360)
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-10-2016
Ran by xiao (04-10-2016 17:45:28)
Running from C:\Users\xiao\Desktop
Windows 8.1 China (Update) (X64) (2016-10-03 04:53:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-733134077-707159484-3497039572-500 - Administrator - Disabled)
Guest (S-1-5-21-733134077-707159484-3497039572-501 - Limited - Disabled)
xiao (S-1-5-21-733134077-707159484-3497039572-1001 - Administrator - Enabled) => C:\Users\xiao
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360安全卫士 (Disabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
360安全卫士 (HKLM-x32\...\360安全卫士) (Version: 10.3.0.2001 - 360安全中心)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.102 - Alps Electric)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.8.4420 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.3.5715 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.3.5715 - 公司名称) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.8.4316 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.1.0903 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4523 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
e管家 (HKLM-x32\...\CooCare4_eServices) (Version: 4.199 - StarSoftComm)
Foxit PhantomPDF (HKLM-x32\...\{89BF1D4D-1D62-451E-9496-B971BDE82720}) (Version: 6.0.33.715 - 福昕企业)
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version: 5.1.17.4597 - FreeDownloadManager.ORG)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{0166934F-40D5-4B60-944A-09857610804E}) (Version: 1.5.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{1E7F409E-E35A-4DF8-BF5C-FE34B74B640E}) (Version: 7.6.31.30 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F12B17AB-FCDA-4380-9D35-E3F871BF1093}) (Version: 1.2.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4013 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.2.9.10 - IObit)
LockHunter 3.0, 32/64 bit (HKLM\...\LockHunter_is1) (Version: - Crystal Rich Ltd)
Malwarebytes Anti-Malware セ 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Surface 2.0 Runtime (HKLM-x32\...\{69C2B39D-F060-49AD-8877-01C4144A8424}) (Version: 2.0.21114.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA PhysX 系统软件 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA 图形驱动程序 344.24 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.24 - NVIDIA Corporation)
PC语点 (HKLM-x32\...\VoiceAssistant) (Version: 1.0.0.1146 - "iFLYTEK Co., Ltd.")
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.24 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Registry Workshop (HKLM\...\Registry Workshop) (Version: - )
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.650 - ShadowDefender.com)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
舒克高清视频下载器 (HKLM-x32\...\ShokDown) (Version: - )
搜狗拼音传统版 6.8b (HKLM-x32\...\Sogou Input) (Version: 6.8.0.0856 - 大水牛)
英特尔® 芯片组设备软件 (x32 Version: 10.0.21 - Intel® Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03418F0D-903E-40A2-BD30-CB94CB3F9064} - \360SuperKiller\360SuperKiller -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E0FAABB-22C4-4223-87D6-C440DE051017} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {3BA0ADA1-3D0E-4B9E-AF44-B7CC24B8BCDA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company)
Task: {4DEBDD42-AAB6-4123-A9FC-277153EEAA63} - System32\Tasks\FreeDownloadManagerNetworkMonitor => D:\3.下载\Free Download Manager\winwfpmonitor.exe [2016-08-23] ()
Task: {52E22504-DF48-4DB1-9166-3DB34B6D0478} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-03-13] (IObit)
Task: {6A802E4B-023F-40FC-BC0E-E32E26978842} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-01] (Hewlett-Packard Company)
Task: {700A0265-44E3-4F9E-A720-6FB8BA7E68E2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-21] (Piriform Ltd)
Task: {70EDC337-8BE2-4A70-A939-3E8109FCCCCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {753B341E-99AA-4E01-9949-F6A180D8ACB4} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2014-05-15] ()
Task: {7F39AF23-33F6-43D2-9C81-1AB5FD8EB48B} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-09-23] (CyberLink Corp.)
Task: {8FCFD90F-A3BD-42DE-94C9-57F21C04CD8C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {940C5318-EADF-4BF2-843D-7BA6818974A1} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2013-08-22] (Microsoft Corporation)
Task: {E353A098-73B0-4347-B53A-2A808B76BB9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-04-09] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-05-18 19:24 - 2014-09-27 11:19 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-03 17:39 - 2016-08-23 20:27 - 00848896 _____ () D:\3.下载\Free Download Manager\winwfpmonitor.exe
2016-10-03 17:39 - 2016-08-23 20:24 - 00029696 _____ () D:\3.下载\Free Download Manager\WinDivert.dll
2015-05-18 19:22 - 2014-10-11 10:24 - 00098816 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2016-10-03 14:51 - 2016-03-24 18:37 - 00459602 _____ () D:\1.杀毒\Everything.exe
2016-10-04 14:47 - 2009-03-13 09:18 - 00602624 ____N () C:\Users\xiao\AppData\Local\Temp\Everything\Everything.exe
2013-11-21 15:45 - 2013-11-21 15:45 - 00051816 _____ () C:\Windows\SYSTEM32\IME\SogouPY\SogouImeBrokerPS.dll
2014-09-03 11:03 - 2014-09-03 11:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Windows\Logs:Defender.log [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VAGP ATX Chipset => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CooCareServiceStarsoftcommeservices => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ppfsflt.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VAGP ATX Chipset => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{0CBD4F48-3751-475D-BE88-4F271385B672} => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-733134077-707159484-3497039572-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 10.64.0.10 - 10.64.101.101
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{BCE96C00-5ACD-4447-BCEA-4238252F06B1}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooCare.exe
FirewallRules: [{98C3B789-B844-49CB-A15C-28937A92DCDC}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooCare.exe
FirewallRules: [{3EAD252B-DE48-4B7E-8C66-F84CEE4140C2}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\plugin\remotedesk\WinVNC.exe
FirewallRules: [{3F9B0A77-E4C7-4BB7-984D-E409C1A68A05}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\plugin\remotedesk\WinVNC.exe
FirewallRules: [{868CAB1C-43D9-4C84-B34D-25338058F2EE}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooChatHost.exe
FirewallRules: [{8162EB48-2311-4D9F-A8C9-01AEA6119041}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooChatHost.exe
FirewallRules: [{015FE23D-C107-48B0-B726-99C01A2DE544}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooCareService.exe
FirewallRules: [{0D9A3AC3-C72B-4DAA-8AB2-B4D2A7FF026C}] => (Allow) C:\Program Files (x86)\StarSoftComm\CooCare4\eservices\BIN\CooCareService.exe
FirewallRules: [{349A2CBA-517F-4F6C-87F6-F72134577759}] => (Allow) C:\ProgramData\WinAppMgmt\winappmgmt.exe
FirewallRules: [{3FF27C54-FA2D-456D-8E02-FD432F3E4184}] => (Allow) C:\ProgramData\WinAppMgmt\winappmgmt.exe
FirewallRules: [{B083543B-2BCC-4FC8-939A-4455C37C4B5B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D684AF1A-F6EE-4004-A4F6-172CB652F964}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5478EAD8-521F-4625-AA04-E50F8505CBD3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{90A1C476-D926-49B7-BB8A-AC4F08B4BE4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{402279B6-32AB-4121-94CD-FAA7ECDAE321}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE69CDE2-7980-4F4C-BCEF-B413D31F3300}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{30317FC8-4B8E-464B-8A58-68A800544D23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8387A2E4-22E1-48ED-A904-5F2A62EE0C1B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DADF221E-9BAD-418C-888C-188CBC879A0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{533DC3FB-9DE7-4286-968C-08BEE9605914}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1A9BE45-9492-4A97-838F-52CE4EA4D207}] => (Allow) C:\Users\xiao\Desktop\杀毒\inst.exe
FirewallRules: [{E7126CAD-D0A2-4BC7-A44B-82E91A1481E0}] => (Allow) C:\Users\xiao\Desktop\杀毒\inst.exe
FirewallRules: [{C1A48BEB-37E2-43AB-8CFB-F70BB9E6465C}] => (Allow) D:\3.下载\Free Download Manager\fdm.exe
FirewallRules: [{39AD0330-B414-4078-8659-65BC93FCAED8}] => (Allow) D:\3.下载\Free Download Manager\fdm.exe
FirewallRules: [TCP Query User{80DF9059-F905-4B05-8A15-91C9C7E2618F}D:\3.下载\百度干净云\baiduyunguanjia.exe] => (Block) D:\3.下载\百度干净云\baiduyunguanjia.exe
FirewallRules: [UDP Query User{D18715AA-D0D3-4048-A11B-5555D0CAFF62}D:\3.下载\百度干净云\baiduyunguanjia.exe] => (Block) D:\3.下载\百度干净云\baiduyunguanjia.exe
FirewallRules: [{7D0181B9-1AC6-4A68-8A3E-6ADE5764743C}] => (Allow) D:\2.文档\SogouInput\6.8.0.0856\PinyinUp.exe
FirewallRules: [{92A1B946-4F1C-4B63-A3CD-3AC52B4D8E52}] => (Allow) D:\2.文档\SogouInput\6.8.0.0856\PinyinUp.exe
FirewallRules: [TCP Query User{7DE424B1-D195-4268-B840-9AB4C7A97E38}D:\3.下载\迅雷.7.9\program\thunderplatform.exe] => (Block) D:\3.下载\迅雷.7.9\program\thunderplatform.exe
FirewallRules: [UDP Query User{BBC005E4-191C-472A-B467-7E0BCF37DF4C}D:\3.下载\迅雷.7.9\program\thunderplatform.exe] => (Block) D:\3.下载\迅雷.7.9\program\thunderplatform.exe
FirewallRules: [{2E5F2EC5-35C8-40BD-BA79-D145AEE9B352}] => (Allow) C:\Program Files (x86)\360\360Safe\mobilemgr\360MobileSrv.exe
FirewallRules: [{187A3B1D-93FA-4695-BA7F-D6F0A9647EB1}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe
FirewallRules: [{7DBFCBE6-AC85-4D11-BFB1-710E2966DE28}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe
FirewallRules: [{1BEC90B6-EA8F-4106-9C94-B252315CD68F}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe
FirewallRules: [{A0A6C2C0-BFB0-4C20-8714-411A7841FFCA}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe
==================== Restore Points =========================
03-10-2016 12:52:42 Windows 模块安装程序
03-10-2016 13:14:21 JRT Pre-Junkware Removal
03-10-2016 18:32:30 流氓之后
03-10-2016 19:25:31 双保护
04-10-2016 12:00:35 试运行之一
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/04/2016 02:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: ClientCore.exe,版本: 8.0.1.11,时间戳: 0x5335c2a0
错误模块名称: autheng.dll,版本: 0.0.0.0,时间戳: 0x5335c015
异常代码: 0xc0000005
错误偏移量: 0x0000000000030517
错误进程 ID: 0x944
错误应用程序启动时间: 0x01d21e0ae8c33167
错误应用程序路径: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
错误模块路径: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
报告 ID: 269f682c-89fe-11e6-826c-d85de2104a1b
错误程序包全名:
错误程序包相对应用程序 ID:
Error: (10/04/2016 02:40:01 PM) (Source: System Restore) (EventID: 8200) (User: )
Description: 未能启动系统还原: (试运行之一)。
Error: (10/04/2016 02:30:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: 程序 Explorer.EXE 版本 6.3.9600.17284 停止与 Windows 交互并关闭。要查看是否有关于该问题的详细信息,请检查操作中心控制面板中的问题历史记录。
进程 ID: a50
开始时间: 01d21e0899a1fe41
终止时间: 0
应用程序路径: C:\Windows\Explorer.EXE
报告 ID: e593dde8-89fb-11e6-826b-d85de2104a1b
错误程序包全名:
错误程序包相对应用程序 ID:
Error: (10/04/2016 02:21:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: ClientCore.exe,版本: 8.0.1.11,时间戳: 0x5335c2a0
错误模块名称: autheng.dll,版本: 0.0.0.0,时间戳: 0x5335c015
异常代码: 0xc0000005
错误偏移量: 0x0000000000030517
错误进程 ID: 0x504
错误应用程序启动时间: 0x01d21e07949008c7
错误应用程序路径: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
错误模块路径: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
报告 ID: d271046a-89fa-11e6-826a-d85de2104a1b
错误程序包全名:
错误程序包相对应用程序 ID:
Error: (10/04/2016 01:56:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: WINWORD.EXE,版本: 16.0.4266.1001,时间戳: 0x55ba16cb
错误模块名称: ucrtbase.DLL,版本: 10.0.10240.16390,时间戳: 0x55a5bf73
异常代码: 0xc0000409
错误偏移量: 0x0007c3a2
错误进程 ID: 0x1270
错误应用程序启动时间: 0x01d21e03a21708e6
错误应用程序路径: D:\2.文档\Office2016\Office16\WINWORD.EXE
错误模块路径: C:\Windows\SYSTEM32\ucrtbase.DLL
报告 ID: 450cf9da-89f7-11e6-8269-480fcf6bd31c
错误程序包全名:
错误程序包相对应用程序 ID:
Error: (10/04/2016 01:53:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: ClientCore.exe,版本: 8.0.1.11,时间戳: 0x5335c2a0
错误模块名称: autheng.dll,版本: 0.0.0.0,时间戳: 0x5335c015
异常代码: 0xc0000005
错误偏移量: 0x0000000000030517
错误进程 ID: 0x928
错误应用程序启动时间: 0x01d21e0392d2aa6e
错误应用程序路径: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
错误模块路径: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
报告 ID: d0a56b41-89f6-11e6-8269-d85de2104a1b
错误程序包全名:
错误程序包相对应用程序 ID:
Error: (10/04/2016 01:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: ClientCore.exe,版本: 8.0.1.11,时间戳: 0x5335c2a0
错误模块名称: autheng.dll,版本: 0.0.0.0,时间戳: 0x5335c015
异常代码: 0xc0000005
错误偏移量: 0x0000000000030517
错误进程 ID: 0xd54
错误应用程序启动时间: 0x01d21e02937df117
错误应用程序路径: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
错误模块路径: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
报告 ID: d17df16f-89f5-11e6-8268-d85de2104a1b
错误程序包全名:
错误程序包相对应用程序 ID:
Error: (10/04/2016 12:08:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: ClientCore.exe,版本: 8.0.1.11,时间戳: 0x5335c2a0
错误模块名称: autheng.dll,版本: 0.0.0.0,时间戳: 0x5335c015
异常代码: 0xc0000005
错误偏移量: 0x0000000000030517
错误进程 ID: 0x538
错误应用程序启动时间: 0x01d21df4ec93873d
错误应用程序路径: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
错误模块路径: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
报告 ID: 2a6d9989-89e8-11e6-8266-d85de2104a1b
错误程序包全名:
错误程序包相对应用程序 ID:
Error: (10/04/2016 11:57:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: ClientCore.exe,版本: 8.0.1.11,时间戳: 0x5335c2a0
错误模块名称: autheng.dll,版本: 0.0.0.0,时间戳: 0x5335c015
异常代码: 0xc0000005
错误偏移量: 0x0000000000030517
错误进程 ID: 0x116c
错误应用程序启动时间: 0x01d21df37ddfd3ce
错误应用程序路径: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
错误模块路径: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
报告 ID: bbf36bde-89e6-11e6-8265-d85de2104a1b
错误程序包全名:
错误程序包相对应用程序 ID:
Error: (10/04/2016 11:55:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 错误应用程序名称: ClientCore.exe,版本: 8.0.1.11,时间戳: 0x5335c2a0
错误模块名称: autheng.dll,版本: 0.0.0.0,时间戳: 0x5335c015
异常代码: 0xc0000005
错误偏移量: 0x0000000000030517
错误进程 ID: 0x11ec
错误应用程序启动时间: 0x01d21df327a957b1
错误应用程序路径: C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
错误模块路径: C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
报告 ID: 66870ebd-89e6-11e6-8264-d85de2104a1b
错误程序包全名:
错误程序包相对应用程序 ID:
System errors:
=============
Error: (10/04/2016 02:51:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: 服务 Intel® Dynamic Application Loader Host Interface Service 意外停止。这发生了 1 次。
Error: (10/04/2016 02:51:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Presentation Foundation Font Cache 3.0.0.0 服务意外地终止,这种情况已经出现了 1 次。以下的修正操作将在 0 毫秒内运行: 重新启动服务。
Error: (10/04/2016 02:47:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: 由于下列错误,ScRegSetValueExW 调用无法运行 Start:
拒绝访问。
Error: (10/04/2016 02:47:37 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: 由于下列错误,ScRegSetValueExW 调用无法运行 Description:
拒绝访问。
Error: (10/04/2016 02:44:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: 由于下列错误,Windows Search 服务启动失败:
由于登录失败而无法启动服务。
Error: (10/04/2016 02:44:30 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: WSearch 服务无法使用当前配置的密码以 NT AUTHORITY\SYSTEM 身份登录,错误原因如下:
不支持该请求。
要确保服务配置正确,请使用 Microsoft 管理控制台(MMC)中的服务管理单元。
Error: (10/04/2016 02:44:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN 扩展模块已意外停止。
模块路径: C:\Windows\system32\Rtlihvs.dll
Error: (10/04/2016 02:44:28 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN 扩展模块已意外停止。
模块路径: C:\Windows\system32\Rtlihvs.dll
Error: (10/04/2016 02:44:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN 扩展模块已意外停止。
模块路径: C:\Windows\system32\Rtlihvs.dll
Error: (10/04/2016 02:44:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Virtual Disk 服务意外地终止,这种情况已经出现了 1 次。以下的修正操作将在 60000 毫秒内运行: 重新启动服务。
CodeIntegrity:
===================================
Date: 2016-10-04 00:28:29.058
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\360\360safe\safemon\safewrapper.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 4011.39 MB
Available physical RAM: 2652.2 MB
Total Virtual: 5419.39 MB
Available Virtual: 3501.82 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:184.99 GB) (Free:146.9 GB) NTFS
Drive d: (DATA) (Fixed) (Total:259.75 GB) (Free:257.72 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:20.01 GB) (Free:2.25 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F43E4FE5)
Partition: GPT.
==================== End of Addition.txt ============================
3. AdwCleaner (scanned when infected)
# AdwCleaner v6.020 - Logfile created 03/10/2016 at 13:08:35
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-14.2 [Local]
# Operating System : Windows 8.1 China (X64)
# Username : xiao - foolish
# Running from : C:\Users\xiao\Desktop\adwcleaner_6.020.exe
# Mode: Scan
# Support : https://toolslib.net/forum
***** [ Services ] *****
Service Found: QQRepair38b
Service Found: QQRepairFixSVC
Service Found: QQPCRTP
Service Found: TAOAccelerator
Service Found: TSDefenseBt
Service Found: TSSysKit
Service Found: QMUdisk
Service Found: QQSysMonX64
Service Found: TFsFlt
Service Found: TAOKernelDriver
Service Found: softaal
Service Found: SRepairDrv
Service Found: tsnethlpx64
***** [ Folders ] *****
Folder Found: C:\Users\xiao\AppData\Roaming\tencent
Folder Found: C:\Users\xiao\AppData\Roaming\Tencent
Folder Found: C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
Folder Found: C:\Program Files\Common Files\tencent
Folder Found: C:\Program Files\Common Files\Tencent
Folder Found: C:\Users\xiao\AppData\Local\VirtualStore\Program Files (x86)\tencent
Folder Found: C:\Users\xiao\AppData\Local\VirtualStore\Program Files (x86)\Tencent
Folder Found: C:\ProgramData\tencent
Folder Found: C:\ProgramData\TXQMPC
Folder Found: C:\ProgramData\Tencent
Folder Found: C:\ProgramData\Application Data\tencent
Folder Found: C:\ProgramData\Application Data\TXQMPC
Folder Found: C:\ProgramData\Application Data\Tencent
Folder Found: C:\Program Files (x86)\tencent
Folder Found: C:\Program Files (x86)\Tencent
Folder Found: C:\Program Files (x86)\Common Files\tencent
Folder Found: C:\Program Files (x86)\Common Files\Tencent
Folder Found: C:\Users\xiao\AppData\Local\Temp\tencent
Folder Found: C:\Users\xiao\AppData\Local\Temp\Tencent
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
***** [ Files ] *****
File Found: C:\Users\xiao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件\电脑管家\电脑管家.lnk
File Found: C:\Windows\SysNative\drivers\TAOAccelerator64.sys
File Found: C:\Windows\SysNative\drivers\TFsFltX64.sys
File Found: C:\Windows\SysNative\drivers\TAOKernelEx64.sys
File Found: C:\Users\Public\Desktop\电脑管家.lnk
File Found: C:\Users\Public\Desktop\软件管理.lnk
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
Key Found: HKLM\SOFTWARE\Classes\metnsd
Key Found: HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Key Found: HKLM\SOFTWARE\Classes\qmbfile
Key Found: HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu
Key Found: HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1
Key Found: HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
Key Found: HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
Key Found: HKLM\SOFTWARE\Classes\qmgcfiles
Key Found: HKLM\SOFTWARE\Classes\qpakfile
Key Found: HKLM\SOFTWARE\Classes\QQPCMgr.qbox
Key Found: [x64] HKLM\SOFTWARE\Classes\metnsd
Key Found: [x64] HKLM\SOFTWARE\Classes\PCMgrRepairIEExtensions
Key Found: [x64] HKLM\SOFTWARE\Classes\qmbfile
Key Found: [x64] HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu
Key Found: [x64] HKLM\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1
Key Found: [x64] HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu
Key Found: [x64] HKLM\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1
Key Found: [x64] HKLM\SOFTWARE\Classes\qmgcfiles
Key Found: [x64] HKLM\SOFTWARE\Classes\qpakfile
Key Found: [x64] HKLM\SOFTWARE\Classes\QQPCMgr.qbox
Key Found: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found: HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}
Key Found: HKLM\SOFTWARE\Classes\AppID\{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Key Found: HKLM\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
Key Found: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found: HKLM\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}
Key Found: HKLM\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{35627C7C-DB28-4772-9A6F-7607FFCBF9FF}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
Value Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{63332668-8CE1-445D-A5EE-25929176714E}]
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQPCMgr
Data Found: HKU\S-1-5-21-733134077-707159484-3497039572-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg
Data Found: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://www.hao123.com/?tn=93451208_hao_pg
Key Found: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPCMgr
Key Found: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
Key Found: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
Key Found: HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall
Key Found: HKEY_CLASSES_ROOT\Folder\ShellEx\ContextMenuHandlers\QMContextUninstall
Key Found: HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan
Key Found: HKLM\SOFTWARE\Classes\AppID\QMContextScan.DLL
Key Found: HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL
Key Found: HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan
Key Found: HKLM\SOFTWARE\Classes\.qbox
Key Found: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan
Key Found: HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall
Key Found: HKEY_CLASSES_ROOT\.qmgc
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[S0].txt - [7044 Bytes] - [03/10/2016 13:08:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7117 Bytes] ##########