start::
CreateRestorePoint:
cmd: Net stop wuauserv
cmd: Rd /s /q %windir%\SoftwareDistribution\.
CloseProcesses:
EmptyTemp:
EmptyEventLogs:
RemoveProxy:
Unlock: C:\Users\PC\AppData\Roaming\360se6
Unlock: C:\Program Files (x86)\AVAST Software
Unlock: C:\Users\PC\AppData\Roaming\360Safe
Unlock: C:\Program Files (x86)\360
C:\Program Files (x86)\360
C:\Users\PC\AppData\Roaming\360se6
C:\Program Files (x86)\AVAST Software
C:\Users\PC\AppData\Roaming\360Safe
C:\Users\PC\AppData\Local\360Safe
GroupPolicyScripts: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
S3 HWiNFO_191; C:\Users\PC\AppData\Local\Temp\HWiNFO64A_191.SYS [57936 2024-08-02] (Microsoft Windows Hardware Compatibility Publisher -> REALiX) <==== ATTENTION
HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\...\Run: [PlanetVPN] => C:\Program Files (x86)\PlanetVPN\PlanetVPN.exe (No File)
HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\...\Run: [VideoDownloadCapture] => C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe /autoStart (No File)
HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\...\Run: [ScreenRec] => C:\Users\PC\AppData\Local\StreamingVideoProvider\ScreenRec_app\screenrec.exe (No File)
Task: {00543C1C-2939-4102-8418-D7A12E17BB6F} - no filepath. <==== ATTENTION
Task: {02019C01-6A16-4FB4-88CD-593DED98F1C6} - no filepath. <==== ATTENTION
Task: {0AF21E10-D5D0-4C8F-AAB1-C777B97FEFF5} - no filepath. <==== ATTENTION
Task: {10B15B80-9F19-4E1F-A530-F9AC12F31496} - no filepath. <==== ATTENTION
Task: {298EB84F-1C8B-40FC-A2DB-497FEF731E10} - no filepath. <==== ATTENTION
Task: {2AB800F4-51DC-4E26-A723-F98EBFE75FB0} - no filepath. <==== ATTENTION
Task: {4759C149-6F47-4B12-BE02-A8067DA115CC} - no filepath. <==== ATTENTION
Task: {5731BFF6-0BE0-405B-80F8-46DD7666D5C4} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary -> No File <==== ATTENTION
Task: {6C6EBE80-EDE0-448A-9823-FA342C4946A6} - no filepath. <==== ATTENTION
Task: {7F437842-0BC1-4DB3-B9DC-CB365661ECE5} - no filepath. <==== ATTENTION
Task: {888E9BCB-A6D5-4169-A8A8-97D3360B3656} - no filepath. <==== ATTENTION
Task: {AB47C9D0-74B7-4511-A572-A37C5CB0269E} - no filepath. <==== ATTENTION
Task: {BAB685E0-41D7-4A43-9F9D-4AA361660855} - no filepath. <==== ATTENTION
Task: {BC65E567-DBE1-48F3-9B65-3B049E52B99B} - no filepath. <==== ATTENTION
Task: {C06B0103-A1A8-4C64-B054-9F92A0D6D6D9} - no filepath. <==== ATTENTION
Task: {C0A86B02-BE37-4630-96F8-37DEFF925AC0} - no filepath. <==== ATTENTION
Task: {D042BC29-5DF2-4245-A351-A1FDBE033ADB} - no filepath. <==== ATTENTION
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - no filepath. <==== ATTENTION
Task: {E20E5D54-679A-447E-93BA-99501B67DF65} - no filepath. <==== ATTENTION
Task: {F2F1E782-7288-4EF2-84F3-5A67F969F9FA} - no filepath. <==== ATTENTION
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [No File]
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1579.3\npAvastBrowserUpdate3.dll [No File]
S2 360bpsvc; C:\Users\PC\AppData\Roaming\360se6\Application\components\guard\360bpsvc.exe [X]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
Task: {973D6FD9-D489-4491-B52A-BEDAF646F01D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-07-25] (HP Inc. -> HP Inc.)
S2 360bpsvc; C:\Users\PC\AppData\Roaming\360se6\Application\components\guard\360bpsvc.exe [X]
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\360安全浏览器
C:\Users\PC\AppData\Roaming\360se6
C:\ProgramData\Avast Software
C:\Users\PC\AppData\Roaming\360Safe
C:\Users\PC\AppData\Roaming\360huabao
CustomCLSID: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> C:\Users\PC\AppData\Roaming\360se6\Application\360se.exe (Beijing Qihu Technology Co., Ltd. -> 360.cn)
CustomCLSID: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001_Classes\CLSID\{63AE0751-5341-4B42-8E56-82E4EA44B258}\localserver32 -> "C:\Users\PC\AppData\Roaming\360se6\Application\15.3.2510.64\notification_helper.exe" => No File
SearchScopes: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{CF707286-A253-4008-B655-D2E3B61F18F9}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{AEFD9256-95E6-42E0-BDDD-EE636E625A70}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{D3EC4F5A-A1BB-4B10-A39E-81F6E1019892}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe => No File
FirewallRules: [{8687BA29-574F-4293-88C1-18A37908A892}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe => No File
FirewallRules: [{6A474D58-EC70-4BD1-BA71-D2A776FC64DF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe => No File
FirewallRules: [{8652D105-E5C2-4ACD-958C-3749B0C425AF}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe => No File
FirewallRules: [{E7BD56F6-002A-448B-98B4-90DFC3220124}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe => No File
FirewallRules: [{C3EB78AF-2568-4770-8177-9B70AB2F24C7}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe => No File
FirewallRules: [{82AAE427-EB07-41F0-AF38-B661B8AE66FA}] => (Allow) C:\Users\PC\AppData\Roaming\360se6\Application\components\guard\360bpsvc.exe => No File
FirewallRules: [{672633E7-72C8-4458-87D9-0BF886D06E73}] => (Allow) C:\Users\PC\AppData\Roaming\360se6\Application\components\guard\360bpsvc.exe => No File
FirewallRules: [TCP Query User{01017FF0-6006-4E79-AEDC-36AAB4DFA089}C:\users\pc\appdata\roaming\360se6\application\15.1.1433.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.1.1433.64\installer\360chromeup.exe => No File
FirewallRules: [UDP Query User{124DDC5C-0547-45F6-859E-A0440D797027}C:\users\pc\appdata\roaming\360se6\application\15.1.1433.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.1.1433.64\installer\360chromeup.exe => No File
FirewallRules: [TCP Query User{8E0A97C5-430A-4090-9E97-2FA97C554809}C:\users\pc\appdata\roaming\360se6\application\15.1.2018.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.1.2018.64\installer\360chromeup.exe => No File
FirewallRules: [UDP Query User{94DFA239-6707-49A0-A37B-7858BEC6A48C}C:\users\pc\appdata\roaming\360se6\application\15.1.2018.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.1.2018.64\installer\360chromeup.exe => No File
FirewallRules: [TCP Query User{FD090B58-5F9F-4F7C-8CDC-51F724F1AFE1}C:\users\pc\appdata\roaming\360se6\application\15.1.2024.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.1.2024.64\installer\360chromeup.exe => No File
FirewallRules: [UDP Query User{0ED422AC-AEBA-4AFE-BB3B-90BF360E991C}C:\users\pc\appdata\roaming\360se6\application\15.1.2024.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.1.2024.64\installer\360chromeup.exe => No File
FirewallRules: [{DCAAA0CB-F8B7-4831-8FAC-AA6CA7791896}] => (Allow) C:\Users\PC\AppData\Roaming\360se6\Application\15.1.2040.64\installer\360chromeup.exe => No File
FirewallRules: [{FE24F340-43AB-4D01-BB45-1668810EBC9A}] => (Allow) C:\Users\PC\AppData\Roaming\360se6\Application\15.1.2040.64\installer\360chromeup.exe => No File
FirewallRules: [TCP Query User{0937D262-4B79-4CF4-860D-B0A991FA7283}C:\users\pc\appdata\roaming\360se6\application\15.1.2090.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.1.2090.64\installer\360chromeup.exe => No File
FirewallRules: [UDP Query User{607AEEA7-5C09-43DD-A78D-033A330F1867}C:\users\pc\appdata\roaming\360se6\application\15.1.2090.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.1.2090.64\installer\360chromeup.exe => No File
FirewallRules: [{67B6B1C6-8B2F-408E-88EC-22F82AE9C837}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe => No File
FirewallRules: [{A540D8DC-D860-4F63-BE57-EA7097D1D3D9}] => (Allow) C:\Program Files (x86)\360\360Safe\safemon\360Tray.exe => No File
FirewallRules: [{C2C824AB-6B1A-47BB-B2BC-1F7C59CA4BF7}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe => No File
FirewallRules: [{7CE45ABE-F810-4F13-AD9B-DE2145FDFEF6}] => (Allow) C:\Program Files (x86)\360\360Safe\LiveUpdate360.exe => No File
FirewallRules: [TCP Query User{08C42E72-7B65-46F1-9C2F-FA04A5D2C812}C:\users\pc\appdata\roaming\360se6\application\15.3.2168.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.3.2168.64\installer\360chromeup.exe => No File
FirewallRules: [UDP Query User{2C3B5E2F-E7CA-411A-B70F-D627D75E3674}C:\users\pc\appdata\roaming\360se6\application\15.3.2168.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.3.2168.64\installer\360chromeup.exe => No File
FirewallRules: [TCP Query User{4CB7C6DF-CF48-49CE-A043-4CE1C6BE84EB}C:\users\pc\appdata\roaming\360se6\application\15.3.2185.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.3.2185.64\installer\360chromeup.exe => No File
FirewallRules: [UDP Query User{D7AC70D1-26FF-4CAF-8921-E57A4CD4171A}C:\users\pc\appdata\roaming\360se6\application\15.3.2185.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.3.2185.64\installer\360chromeup.exe => No File
C:\WINDOWS\system32\drivers\etc\hosts
Hosts:
FirewallRules: [TCP Query User{E97653D6-49BD-43AF-8472-C1CD65035257}C:\users\pc\appdata\roaming\360se6\application\15.3.2510.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.3.2510.64\installer\360chromeup.exe (Beijing Qihu Technology Co., Ltd. -> 360安全浏览器)
FirewallRules: [UDP Query User{B8EA383B-DB09-4C37-8DBC-E03DC226314C}C:\users\pc\appdata\roaming\360se6\application\15.3.2510.64\installer\360chromeup.exe] => (Block) C:\users\pc\appdata\roaming\360se6\application\15.3.2510.64\installer\360chromeup.exe (Beijing Qihu Technology Co., Ltd. -> 360安全浏览器)
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: powercfg -setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
CMD: powercfg /change monitor-timeout-ac 0
CMD: powercfg /change monitor-timeout-dc 60
CMD: powercfg -change -disk-timeout-ac 0
CMD: powercfg -change -disk-timeout-dc 60
CMD: powercfg -setacvalueindex SCHEME_CURRENT SUB_SLEEP STANDBYIDLE 1800
CMD: powercfg -setdcvalueindex SCHEME_CURRENT SUB_SLEEP STANDBYIDLE 1800
CMD: powercfg /change standby-timeout-ac 10
CMD: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v SCRNSAVE.EXE /t REG_SZ /d C:\Windows\System32\Mystify.scr /f
CMD: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive /t REG_SZ /d 1 /f
CMD: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeOut /t REG_SZ /d 10 /f
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Windows\Temp\*.*
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
Reboot:
End::

start::
CreateRestorePoint:
EmptyTemp:
EmptyEventLogs:
RemoveProxy:
DeleteKey: HKLM\SOFTWARE\Avast Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\AVAST Software
DeleteKey: HKCU\SOFTWARE\AVAST Software
DeleteKey: HKU\.DEFAULT\SOFTWARE\AVAST Software
DeleteKey: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\SOFTWARE\AVAST Software
DeleteKey: HKLM\SOFTWARE\WOW6432Node\360Safe
DeleteKey: HKLM\SOFTWARE\WOW6432Node\LiveUpdate360
DeleteKey: HKCU\SOFTWARE\360
DeleteKey: HKCU\SOFTWARE\360Safe
DeleteKey: HKCU\SOFTWARE\360SoftMgr
DeleteKey: HKCU\SOFTWARE\LiveUpdate360
DeleteKey: HKU\.DEFAULT\SOFTWARE\360Safe
DeleteKey: HKU\.DEFAULT\SOFTWARE\LiveUpdate360
DeleteKey: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\SOFTWARE\360
DeleteKey: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\SOFTWARE\360Safe
DeleteKey: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\SOFTWARE\360SoftMgr
DeleteKey: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\SOFTWARE\LiveUpdate360
DeleteKey: HKLM\SOFTWARE\WOW6432Node\ComodoGroup
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Panda Software
DeleteValue: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe
DeleteValue: HKU\S-1-5-21-2586770459-4169581623-2973125490-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache|C:\Program Files (x86)\AVAST Software\Browser\AvastBrowserUninstall.exe
Unlock: C:\Program Files (x86)\Panda Security
C:\Users\PC\AppData\Local\Avast Software
C:\WINDOWS\Installer\bd61985.msi
C:\Program Files (x86)\Panda Security
C:\ProgramData\360SD
C:\Users\PC\AppData\Roaming\360se6
C:\Users\PC\AppData\Roaming\360Quarant
C:\ProgramData\Panda Security
C:\Users\PC\AppData\Roaming\360se6\Application\360se.exe
C:\Users\PC\AppData\Roaming\360Quarant
C:\Program Files\ReasonLabs {07922B6F5B754E582815C09E31F1D416}.
C:\ProgramData\deepscan
C:\Users\PC\AppData\Roaming\pHqGhUmEaYlNlFdX
C:\Users\PC\AppData\Roaming\RAV Endpoint Protection
C:\Users\PC\AppData\Roaming\ReasonLabs
C:\Users\PC\AppData\Local\Backup
C:\Users\PC\AppData\Local\back
C:\Program Files (x86)\Netscape
CMD: manage-bde -off C:
CMD: manage-bde -off D:
CMD: powercfg -h off
CMD: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v SmartScreenEnabled /t REG_SZ /d Off /f
CMD: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection /f /v AllowTelemetry /t REG_DWORD /d 0
CMD: reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo /f /v DisabledByGroupPolicy /t REG_DWORD /d 1
CMD: sc stop WSearch
CMD: sc stop SysMain
CMD: sc stop DiagTrack
CMD: Sc stop HPAppHelperCap
CMD: Sc stop HPDiagsCap
CMD: Sc stop XblAuthManager
CMD: Sc stop XblGameSave
CMD: Sc stop lfsvc
CMD: Sc stop Remoteaccess
CMD: Sc stop dmwappushservice
CMD: Sc stop XboxGipSvc
CMD: Sc stop CertPropSvc
CMD: Sc stop BDESVC
CMD: sc config HPDiagsCap start= disabled
CMD: sc config HPAppHelperCap start= disabled
CMD: sc config XblAuthManager start= disabled
CMD: sc config XblGameSave start= disabled
CMD: sc config lfsvc start= disabled
CMD: sc config Remoteaccess start= disabled
CMD: sc config dmwappushservice start= disabled
CMD: sc config XboxGipSvc start= disabled
CMD: sc config BDESVC start= disabled
CMD: sc config SysMain start= disabled
CMD: sc config DiagTrack start= disabled
CMD: sc config WSearch start= disabled
CMD: del /q/f/s %TEMP%\*
CMD: del /q/f/s C:\Windows\Temp\*
CMD: del /q /f "%userProfile%\AppData\Local\Temp\*"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32
ExportKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
Folder: C:\Windows\System32\Tasks
Reboot:
End::