Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Jarppa at 2015-06-04 14:46:43
Running from C:\Users\Jarppa\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Jarppa (S-1-5-21-1612976865-2593797464-2764036050-1000 - Administrator - Enabled) => C:\Users\Jarppa
Järjestelmänvalvoja (S-1-5-21-1612976865-2593797464-2764036050-500 - Administrator - Disabled)
Vieras (S-1-5-21-1612976865-2593797464-2764036050-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 百度杀毒 (Enabled - Up to date) {FDA918B3-27C7-3B2B-33D0-343EAE5EB318}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 百度杀毒 (Enabled - Up to date) {46C8F957-01FD-34A5-0960-0F4CD5D9F9A5}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1612976865-2593797464-2764036050-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
2007 Office Systemin yhteensopivuuspaketti (HKLM-x32\...\{90120000-0020-040B-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.2.6929 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.6929 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0812 - Acer Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.95 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Suomi (HKLM-x32\...\{AC76BA86-7AD7-1035-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ASUS RT-N10E Wireless Router Utilities (HKLM-x32\...\{580CA891-08DB-4B6F-B0C1-DF1D149671D7}) (Version: 4.2.3.5 - ASUS)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.739 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
Dracula 4 and 5 - Special Steam Edition (HKLM-x32\...\Dracula 4 and 5 - Special Steam Edition_is1) (Version: - )
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
DVBViewer Pro (HKLM-x32\...\{C3C5F907-CF6E-4A55-93A4-6F65E978263D}_is1) (Version: 5.3.2 - Takki & Ahmad)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version: - Oberon Media)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.0.0.3795 - OpenSight Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2414.0 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{ADA8583A-C20B-414B-8CB7-3AA7A89F7952}) (Version: 7.1.4.1529 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
HiVision DVB-T Hybrid BDA Drivers (HKLM-x32\...\TVEpaDrv) (Version: - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
HP Photosmart 5510 series Ohje (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series -peruslaiteohjelmisto (HKLM\...\{F7803315-9424-4433-9DE8-94D8011D87D9}) (Version: 25.0.621.0 - Hewlett-Packard Co.)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.95 - LSI Corporation)
Malwarebytes Anti-Malware versio 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.5.2 (suomi) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.3 Preview (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.53349 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-040B-0000-0000000FF1CE}_OMUI.fi-fi_{FA5CC73F-DD50-44F9-9530-DCB3C4C453F1}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Finnish/suomi (HKLM-x32\...\OMUI.fi-fi) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Finnish) (HKLM-x32\...\{95120000-00AF-040B-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{7D9EF8C1-1B76-44AF-A918-86CBA6FD24C8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 39.0 (x86 fi) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 fi)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nancy Drew: Sea of Darkness (HKLM-x32\...\{241C6D36-570D-4616-B07F-E460AF6E59D2}) (Version: 8.0.0.30162 - Her Interactive, Inc.)
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 - Microsoft)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiikkaohjain 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD-ääniohjain 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-järjestelmäohjelmisto 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
Ohjelman Microsoft Office Excel 2007 Help päivitys (KB963678) (HKLM-x32\...\{90120000-0016-040B-0000-0000000FF1CE}_OMUI.fi-fi_{2C35886E-A67C-494A-8E1C-C6B4E415BBDD}) (Version: - Microsoft)
Ohjelman Microsoft Office Powerpoint 2007 Help päivitys (KB963669) (HKLM-x32\...\{90120000-0018-040B-0000-0000000FF1CE}_OMUI.fi-fi_{BD88D384-046E-4E6F-A48B-BC3757C01BA5}) (Version: - Microsoft)
Ohjelman Microsoft Office Word 2007 Help päivitys (KB963665) (HKLM-x32\...\{90120000-001B-040B-0000-0000000FF1CE}_OMUI.fi-fi_{3D728445-D30E-4E78-BCC6-722FE68CB22B}) (Version: - Microsoft)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
RAIDXpert (HKLM-x32\...\InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}) (Version: 3.3.1540.38 - AMD)
RAIDXpert (x32 Version: 3.3.1540.38 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Valokuvavalikoima (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Liven peruspaketti (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
VirtualDJ PRO Full (HKLM-x32\...\{EDA76D78-8C23-4245-A4B1-4A9217AC9CF3}) (Version: 7.4.1 - Atomix Productions)
X-Chat 2.8.6-2 (HKLM-x32\...\X-Chat 2_is1) (Version: 2.8.6-2 - SilvereX)
百度杀毒3.0 (HKLM-x32\...\百度杀毒) (Version: 3.0.0.4605 - 百度在线网络技术(北京)有限公司)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

01-06-2015 16:12:51 Removed MSXML 4.0 SP3 Parser
01-06-2015 16:15:13 Removed Nero Video 2015.
01-06-2015 16:21:37 Windows Update
01-06-2015 16:24:17 Removed Nero 2015 Content Pack.
01-06-2015 16:44:09 Removed Nero 2014.
01-06-2015 16:55:27 Removed Nero 2014.
01-06-2015 17:04:12 Removed MSXML 4.0 SP3 Parser (KB2758694)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2015-02-26 20:24 - 00000083 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.iobit.com
127.0.0.1 www.asc55.iobit.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F15D670-BC6C-4A3C-9770-763C6A9E6594} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {12424B64-EB2A-45D1-9770-139BAED6D0F1} - System32\Tasks\{664D6F67-9983-4470-80C2-6AA334899751} => pcalua.exe -a E:\FinnishDemoShield\Setup.exe -d E:\FinnishDemoShield
Task: {47C48FA0-25EB-49B1-B683-B3160B7C3D0E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {490B98F1-2111-4A1F-BFA2-08DB4EAFF15A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {5262BE67-49C0-44BF-A2F1-1CEA6FE805AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-17] (Adobe Systems Incorporated)
Task: {604080EF-9307-4CFF-A807-221A091FAA71} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8759FB06-606C-4B35-B308-AE45F259C1B0} - System32\Tasks\{98B96767-07C3-4C31-BD84-FA3DD7B583DB} => pcalua.exe -a "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\Uninstall.exe" -c "C:\Program Files (x86)\Acer GameZone\Farm Frenzy 2\install.log"
Task: {9FEBF27B-AAFC-42E3-8ADF-6A2FC9D2908E} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-11-27] (Microsoft Corporation)
Task: {AEAC2C2C-F482-4B98-8F52-ED8AC0A8C0A2} - System32\Tasks\{9C1F9D67-55EA-4078-B2E1-6F3E9FFCC882} => pcalua.exe -a E:\FinnishDemoShield\Driver\Setup.exe -d E:\FinnishDemoShield\Driver
Task: {BB9E1894-4AB0-47AE-A330-995552077DE1} - System32\Tasks\{F1269FB4-4F5F-4865-AC8D-565D84C9AAED} => pcalua.exe -a C:\Users\Jarppa\Desktop\flashplayer18_install_win_pi.exe -d C:\Users\Jarppa\Desktop
Task: {C3AD3EAC-9866-45DB-B504-6F39878B8886} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {D9D24DE5-9D5E-4513-A269-06BF628F1F71} - System32\Tasks\{BF13D931-85E4-4162-B077-C3B63A7254EF} => pcalua.exe -a C:\Users\Jarppa\Desktop\blazingcolorsviz.exe -d C:\Users\Jarppa\Desktop
Task: {DE3AD2B6-F8D3-4A6F-99D8-42119D481B5E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {ED9BF83E-4066-49FD-856A-F2784A5FB9AA} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe
Task: {FBCBD40E-61D8-4523-A855-B6266AC2F69C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-26 16:52 - 2015-02-04 05:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-06-01 11:46 - 2015-06-01 11:46 - 00124296 _____ () C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDKVDeskBand64.dll
2010-07-15 07:44 - 2010-07-15 07:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-05-08 21:50 - 2015-05-08 21:50 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1035.dll
2015-06-01 11:46 - 2015-06-01 11:46 - 00403848 _____ () C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMCommon.dll
2014-03-31 22:35 - 2014-03-31 22:35 - 00278208 _____ () C:\Program Files (x86)\Windows Live\Writer\fi\WindowsLive.Writer.Localization.resources.dll
2015-04-25 09:39 - 2015-04-25 09:40 - 17083568 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_95.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1612976865-2593797464-2764036050-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jarppa\AppData\Roaming\Mozilla\Firefox\Työpöydän taustakuva.bmp
DNS Servers: 109.204.194.2 - 109.204.194.3

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B26C53FA-71FD-412F-9D01-CB6AC22B8A74}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{4E0E41A8-0CBD-4673-957A-420F1A2C43BF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ADB41BDA-6DE4-42FD-AAAC-D240DA048025}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{7FC65B90-DAC0-4A23-9A96-359E3F6D56F4}C:\program files (x86)\x-chat 2\xchat.exe] => (Allow) C:\program files (x86)\x-chat 2\xchat.exe
FirewallRules: [UDP Query User{CFD38D2F-AE9B-415B-BE42-770B989350D3}C:\program files (x86)\x-chat 2\xchat.exe] => (Allow) C:\program files (x86)\x-chat 2\xchat.exe
FirewallRules: [{35C76088-698B-48B8-AC66-FB235A653D66}] => (Allow) C:\Users\Jarppa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBEED914-DA33-4C7B-99E2-EC140C884CC1}] => (Allow) C:\Users\Jarppa\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8B55A6B3-B09B-43DC-A944-03C4F6FB2E4F}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{DB11579C-29AC-44A5-BD27-5FA6B8221670}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{8A6303EB-EB84-4118-8C66-DDD00F29ECC9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E0C7CC0E-A1D4-44D2-BDFA-1EF03439F003}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EDA3C3F1-35F5-4A5D-A924-3D2F50054AC2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DF476EF7-53F1-444B-B47E-065320D806DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5161FBE4-FB51-458A-A5A3-AEE886D1F580}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{94A30895-5BBC-4E7D-88D0-1D4FDB3ED385}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0AD2EA0E-533D-4B49-B27C-644A2BA00469}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{96EB9145-9B29-43B8-9943-1C00CE3B2382}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38C2196B-66C3-454D-A02F-F81D13A6C328}] => (Allow) LPort=2869
FirewallRules: [{9F569AD5-DD37-47DA-AD3C-AFA0ECCA14F3}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{DE2E59FE-5D0A-4FAF-A6AB-8EF6C748558B}C:\program files (x86)\virtualdj\virtualdj_pro.exe] => (Allow) C:\program files (x86)\virtualdj\virtualdj_pro.exe
FirewallRules: [UDP Query User{B0F44EBA-7A8D-4025-BA74-FA4CF4017EFF}C:\program files (x86)\virtualdj\virtualdj_pro.exe] => (Allow) C:\program files (x86)\virtualdj\virtualdj_pro.exe
FirewallRules: [{71B98B4D-7858-4BC1-B671-E885299F5F9E}] => (Allow) E:\RouterSetup\QISWizard.exe
FirewallRules: [{95779A72-2F1D-4E05-B1F6-D092B62ECEC5}] => (Allow) E:\RouterSetup\QISWizard.exe
FirewallRules: [TCP Query User{7C750146-AF51-4CC7-B2AB-B13FBD6CD49D}E:\routersetup\qiswizard.exe] => (Allow) E:\routersetup\qiswizard.exe
FirewallRules: [UDP Query User{159231D8-6EF5-46F9-9627-847BFC539E9A}E:\routersetup\qiswizard.exe] => (Allow) E:\routersetup\qiswizard.exe
FirewallRules: [{BDC38DFD-E5E7-4942-8B49-220104351B9D}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10E Wireless Router Utilities\Discovery.exe
FirewallRules: [{6F93FDE5-3743-4573-B475-E04BDC4F943F}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10E Wireless Router Utilities\Discovery.exe
FirewallRules: [{69E23BCE-99E6-497B-895D-E667CEF0FA56}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10E Wireless Router Utilities\Rescue.exe
FirewallRules: [{1CD8D523-5CBA-4CCC-89ED-DF67CEA40F68}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10E Wireless Router Utilities\Rescue.exe
FirewallRules: [{D9680AB5-3A33-4A70-AB8B-7511FA78E2BA}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10E Wireless Router Utilities\LiveUpdate.exe
FirewallRules: [{B4F64B14-2865-4B19-B530-C659B0DC45EE}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10E Wireless Router Utilities\LiveUpdate.exe
FirewallRules: [{6194F14A-92F7-49A1-96E2-0BB8DD892A03}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10E Wireless Router Utilities\QISWizard.exe
FirewallRules: [{F4D8E856-F4CE-4B01-85A6-DD5073444A87}] => (Allow) C:\Program Files (x86)\ASUS\RT-N10E Wireless Router Utilities\QISWizard.exe
FirewallRules: [{49AA5B7D-0D53-4526-9C8D-18E2BB99165D}] => (Allow) LPort=8743
FirewallRules: [{3119989A-D186-4A7F-A7F3-2EB1E5AE7850}] => (Allow) LPort=8643
FirewallRules: [{B03AF8C7-19C0-4298-A6C3-C78F99E28A5D}] => (Allow) LPort=7676
FirewallRules: [{F90CA059-7DCF-4FD5-9FD7-5781D18450DD}] => (Allow) LPort=7679
FirewallRules: [{BBB88789-823C-48A0-B704-7E1A0D17FBB3}] => (Allow) LPort=24234
FirewallRules: [{2388E8F0-DDBE-4863-A231-10B1FE833A21}] => (Allow) LPort=7900
FirewallRules: [{EE282F1F-97A8-4306-AA60-F37C113A4080}] => (Allow) LPort=1900
FirewallRules: [{D3AA6A16-BE95-44F6-9EA0-DEB504500FCA}] => (Allow) C:\Program Files (x86)\DVBViewer\dvbviewer.exe
FirewallRules: [{9F7B07E5-1156-4ABC-9A5B-4F1575D29A59}] => (Allow) C:\Program Files (x86)\DVBViewer\dvbviewer.exe
FirewallRules: [{AF3A353A-71B3-44F6-9B57-26A96538B59D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F2A16BE9-D7AD-43D1-9407-4123D25AC555}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{660C8DA8-E592-492E-A3FB-2FF843A1EDD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{80D71E04-3F27-441C-B0A2-B53837868670}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{115A5209-1D1B-49BF-97A7-B0E9B6F8FA15}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{EE94DDF4-0B16-4E8D-8EFB-6957AE8BD3D2}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{32756EA8-AE4E-4F3A-95B8-DF543F1F6FAB}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{21CD26B2-52B0-4E63-972E-B414DAE86C80}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{BAE60FE3-B599-43A1-97A9-D57D9C40A101}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{7199E027-F761-4203-8A6E-7A79DB0BE7EB}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{E86A4F47-CB98-484E-98DD-7D3C0772F730}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{7D7D6ED8-18C5-48D2-BAAC-C2B7D91FFD25}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{98F5F786-38DC-4AF8-8814-9BC4E10E9635}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{BA9042FD-2644-4B3E-9DB1-D0EBD49FDEA5}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{228D584C-1831-4BA4-A426-6115B88BD5D0}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{127EB36C-6390-4F25-B27F-5B05E713619C}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{2C2F264D-C271-451F-B3E1-96E106A9F719}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{8AC0B284-DBBF-43FB-9C1D-0F9524F382C1}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{7CFFE76F-42B9-4F4F-87DC-A7F1B0537C00}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{3FC0D2E0-4A5A-4066-B15C-4A25E2B7DFA6}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdUProxy64.exe
FirewallRules: [{56EC007E-22F6-40DF-BA17-43B3FBF13A3D}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdUProxy64.exe
FirewallRules: [{F07004E1-045F-4CC5-81E9-4AEFED9067D9}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdUProxy64.exe
FirewallRules: [{DD186DED-BF3E-40EF-89CD-13BB6A5CFC2D}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdUProxy64.exe
FirewallRules: [{8CF5C823-276B-4528-BD6C-58E7D3D8515E}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BdBro.exe
FirewallRules: [{A3474619-A4BE-46FC-A94D-11E2AFAD25F7}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BdBro.exe
FirewallRules: [{BFF77186-7CD9-474E-ABAB-F9DD4E37EA2F}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BdBro.exe
FirewallRules: [{AE923EF1-6299-4866-8D2B-DEE5059CF8CE}] => (Allow) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BdBro.exe
FirewallRules: [{360A737F-77A9-4F38-9FA1-BD0FC891D733}] => (Allow) C:\Program Files (x86)\Common Files\Baidu\BDDownload\108\bddownloader.exe
FirewallRules: [{EB2F709D-1332-4250-9EAA-6CBF84558B94}] => (Allow) C:\Program Files (x86)\Common Files\Baidu\BDDownload\108\bddownloader.exe
FirewallRules: [{382A18B9-7808-4F9B-BC23-D852B01518BC}] => (Allow) C:\Program Files (x86)\Common Files\Baidu\BDDownload\108\bddownloader.exe
FirewallRules: [{5469FDB0-1320-4BEC-9A57-EB274B9ABA7C}] => (Allow) C:\Program Files (x86)\Common Files\Baidu\BDDownload\108\bddownloader.exe
FirewallRules: [{530762C8-17B6-43C7-AA08-141CD462FB9C}] => (Allow) C:\Program Files (x86)\Common Files\Baidu\BDDownload\108\bddownloader.exe
FirewallRules: [{B50B1C42-E301-469D-9D0C-DABC51D73E98}] => (Allow) C:\Users\Jarppa\AppData\Local\Temp\fbivn_71280.exe
FirewallRules: [{66A4C166-CBAE-444B-9178-805C44A92C26}] => (Allow) C:\Users\Jarppa\AppData\Local\Temp\fbivn_71280.exe
FirewallRules: [{810B44AC-AC93-41CB-B5C7-7C9935F03F1B}] => (Allow) C:\Users\Jarppa\AppData\Local\Temp\fbivn_71280.exe
FirewallRules: [{D7BC2522-C772-4DDD-890F-FA0632C6D3CA}] => (Allow) C:\Users\Jarppa\AppData\Local\Temp\fbivn_71280.exe
FirewallRules: [{3BDD233C-B9AD-4C84-99DD-245E60F61CE8}] => (Allow) C:\Users\Jarppa\AppData\Local\Temp\nsf7699.tmp\shzlf.dll
FirewallRules: [{656E7852-3A93-4615-AEF4-C56B9BCEAAA2}] => (Allow) C:\Users\Jarppa\AppData\Local\Temp\nsf7699.tmp\shzlf.dll
FirewallRules: [{845E5F11-4BB9-4F3A-82E1-AB696A8C572A}] => (Allow) C:\Users\Jarppa\AppData\Local\Temp\nsf7699.tmp\shzlf.dll
FirewallRules: [{81214A4B-DC6C-4152-9E34-9D5FF7ADBEF2}] => (Allow) C:\Users\Jarppa\AppData\Local\Temp\nsf7699.tmp\shzlf.dll

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-hiiri
Description: Microsoft PS/2-hiiri
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft 6to4 -sovitin
Description: Microsoft 6to4 -sovitin
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP -sovitin
Description: Microsoft ISATAP -sovitin
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo -tunnelointisovitin
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: PS/2-vakionäppäimistö
Description: PS/2-vakionäppäimistö
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Vakionäppäimistöt)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================= Application errors: ================== Error: (06/04/2015 00:34:40 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/04/2015 00:34:36 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. 
Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/04/2015 00:34:35 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/04/2015 01:25:28 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. 
Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/03/2015 11:40:12 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/03/2015 11:08:26 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. 
Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/03/2015 11:08:22 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/03/2015 11:08:21 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. 
Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/03/2015 11:07:58 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Aktivointikontekstin luonti kohteelle C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest1 epäonnistui. Virhe luettelo- tai käytäntötiedoston C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest2 rivillä C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest3. Sovelluksen edellyttämä osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa. Ristiriitaiset osat: Osa 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_fa381d5f175bfb52.manifest. Osa 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18807_none_41e554362bd82458.manifest. Error: (06/03/2015 09:29:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Viallisen sovelluksen nimi: plugin-container.exe, versio: 39.0.0.5621, aikaleima: 0x5561325d Viallisen moduulin nimi: mozglue.dll, versio: 39.0.0.5621, aikaleima: 0x556121d2 Poikkeuskoodi: 0x80000003 Virhepoikkeama: 0x0000f10d Viallisen prosessin tunnus: 0x19ec Viallisen sovelluksen käynnistysaika: 0xplugin-container.exe0 Viallisen sovelluksen polku: plugin-container.exe1 Viallisen moduulin polku: plugin-container.exe2 Raportin tunnus: plugin-container.exe3 System errors: ============= Error: (06/04/2015 00:40:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Palvelua eapihdrv ei voi käynnistää. 
Virhekoodi on %%1275 Error: (06/04/2015 00:40:15 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Jarppa\AppData\Local\Temp\ehdrv.sys ei voi latautua, koska se ei ole yhteensopiva tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta. Error: (06/04/2015 00:40:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Palvelua eapihdrv ei voi käynnistää. Virhekoodi on %%1275 Error: (06/04/2015 00:40:14 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Jarppa\AppData\Local\Temp\ehdrv.sys ei voi latautua, koska se ei ole yhteensopiva tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta. Error: (06/04/2015 00:40:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Palvelua eapihdrv ei voi käynnistää. Virhekoodi on %%1275 Error: (06/04/2015 00:40:13 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Jarppa\AppData\Local\Temp\ehdrv.sys ei voi latautua, koska se ei ole yhteensopiva tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta. Error: (06/04/2015 00:39:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Palvelua eapihdrv ei voi käynnistää. Virhekoodi on %%1275 Error: (06/04/2015 00:39:57 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Jarppa\AppData\Local\Temp\ehdrv.sys ei voi latautua, koska se ei ole yhteensopiva tämän järjestelmän kanssa. Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta. Error: (06/04/2015 00:39:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Palvelua eapihdrv ei voi käynnistää. Virhekoodi on %%1275 Error: (06/04/2015 00:39:56 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Users\Jarppa\AppData\Local\Temp\ehdrv.sys ei voi latautua, koska se ei ole yhteensopiva tämän järjestelmän kanssa. 
Pyydä yhteensopiva ohjainversio ohjelmistotoimittajalta. Microsoft Office: ========================= CodeIntegrity Errors: =================================== Date: 2015-02-19 22:00:39.076 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 22:00:38.935 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 22:00:33.885 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 22:00:33.760 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 21:59:44.040 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 21:59:43.916 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 21:58:23.379 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-02-19 21:58:23.254 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 21:58:07.022 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-19 21:58:06.887 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\RltkAPO64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 240 Processor Percentage of memory in use: 54% Total physical RAM: 4079.88 MB Available physical RAM: 1848.73 MB Total Pagefile: 8457.96 MB Available Pagefile: 5264.52 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:458.95 GB) (Free:278.72 GB) NTFS Drive d: (Asema) (Fixed) (Total:459.27 GB) (Free:340.51 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.3 GB) (Disk ID: 92775668) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=459 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=459.3 GB) - (Type=OF Extended) ==================== End of log ============================
No, you were supposed to do the following. You have FRST on the desktop. Now create a text file on the desktop and copy into it the contents of the box below. Once you have copied the contents into the text file, save the text file on the desktop under the name fixlist. Open FRST and click Fix. When the removal is finished, a text file named Fixlog is saved on the desktop; paste it here.
Code:
AV: 百度杀毒 (Enabled - Up to date) {FDA918B3-27C7-3B2B-33D0-343EAE5EB318}
AS: 百度杀毒 (Enabled - Up to date) {46C8F957-01FD-34A5-0960-0F4CD5D9F9A5}
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe
(百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe
HKLM\...\Run: [baidusdTray] => C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\baidusdTray.exe [2474952 2015-06-01] (百度在线网络技术(北京)有限公司)
HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe [2474952 2015-06-01] (百度在线网络技术(北京)有限公司)
HKU\S-1-5-21-1612976865-2593797464-2764036050-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe
FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll [2015-06-01] ()
R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-01] (百度在线网络技术(北京)有限公司)
R2 BDKVRTP; C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [793096 2015-06-01] (百度在线网络技术(北京)有限公司)
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-06-01] (Baidu)
R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [196936 2015-06-01] (Baidu)
R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [67400 2015-06-01] (Baidu)
R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [152392 2015-06-01] (Baidu Technology)
R2 BDDefense; C:\Windows\system32\drivers\BDDefense.sys [103752 2015-06-01] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [56136 2015-06-01] (Baidu)
2015-06-01 11:59 - 2015-06-01 13:35 - 00000000 ____D () C:\Users\Jarppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-06-01 11:47 - 2015-06-01 11:46 - 00056136 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-06-01 11:46 - 2015-06-01 15:59 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
2015-06-01 11:46 - 2015-06-01 11:46 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
2015-06-01 11:46 - 2015-06-01 11:46 - 00196936 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
2015-06-01 11:46 - 2015-06-01 11:46 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.SYS
2015-06-01 11:46 - 2015-06-01 11:46 - 00067400 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
2015-06-01 11:45 - 2015-06-02 02:33 - 00000000 ____D () C:\Users\Jarppa\AppData\Roaming\4BA6FB90-1433148335-1020-0308-142347000000
2015-06-01 11:45 - 2015-06-01 11:45 - 00000000 ____D () C:\ProgramData\BDSReport
2015-06-01 11:45 - 2015-06-01 11:45 - 00000000 ____D () C:\Program Files (x86)\BaiduSd3.0
2015-06-01 11:44 - 2015-06-03 00:46 - 00000000 ____D () C:\ProgramData\Baidu
2015-06-01 11:44 - 2015-06-02 02:33 - 00000000 ____D () C:\Users\Jarppa\AppData\Roaming\4BA6FB90-1433148298-1020-0308-142347000000
127.0.0.1 www.iobit.com
127.0.0.1 www.asc55.iobit.com
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015 Ran by Jarppa at 2015-06-04 15:28:29 Run:3 Running from C:\Users\Jarppa\Desktop Loaded Profiles: Jarppa (Available Profiles: Jarppa) Boot Mode: Normal ============================================== fixlist content: ***************** AV: ???? (Enabled - Up to date) {FDA918B3-27C7-3B2B-33D0-343EAE5EB318} AS: ???? (Enabled - Up to date) {46C8F957-01FD-34A5-0960-0F4CD5D9F9A5} AlternateDataStreams: C:\ProgramData\Temp:AB689DEA AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D (????????(??)????) C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe (????????(??)????) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe (????????(??)????) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe (????????(??)????) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe HKLM\...\Run: [baidusdTray] => C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\baidusdTray.exe [2474952 2015-06-01] (????????(??)????) HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe [2474952 2015-06-01] (????????(??)????) HKU\S-1-5-21-1612976865-2593797464-2764036050-1000\...\Run: [apphide] => C:\Program Files (x86)\baidu\baidu.exe FF Plugin-x32: @baidu.com/BaidusdDetectNPPlugin -> C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll [2015-06-01] () R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-01] (????????(??)????) R2 BDKVRTP; C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [793096 2015-06-01] (????????(??)????) 
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-06-01] (Baidu) R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [196936 2015-06-01] (Baidu) R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [67400 2015-06-01] (Baidu) R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [152392 2015-06-01] (Baidu Technology) R2 BDDefense; C:\Windows\system32\drivers\BDDefense.sys [103752 2015-06-01] (Baidu) R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [56136 2015-06-01] (Baidu) 2015-06-01 11:59 - 2015-06-01 13:35 - 00000000 ____D () C:\Users\Jarppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???? 2015-06-01 11:47 - 2015-06-01 11:46 - 00056136 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys 2015-06-01 11:46 - 2015-06-01 15:59 - 00103752 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys 2015-06-01 11:46 - 2015-06-01 11:46 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys 2015-06-01 11:46 - 2015-06-01 11:46 - 00196936 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys 2015-06-01 11:46 - 2015-06-01 11:46 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.SYS 2015-06-01 11:46 - 2015-06-01 11:46 - 00067400 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys 2015-06-01 11:45 - 2015-06-02 02:33 - 00000000 ____D () C:\Users\Jarppa\AppData\Roaming\4BA6FB90-1433148335-1020-0308-142347000000 2015-06-01 11:45 - 2015-06-01 11:45 - 00000000 ____D () C:\ProgramData\BDSReport 2015-06-01 11:45 - 2015-06-01 11:45 - 00000000 ____D () C:\Program Files (x86)\BaiduSd3.0 2015-06-01 11:44 - 2015-06-03 00:46 - 00000000 ____D () C:\ProgramData\Baidu 2015-06-01 11:44 - 2015-06-02 02:33 - 00000000 ____D () C:\Users\Jarppa\AppData\Roaming\4BA6FB90-1433148298-1020-0308-142347000000 127.0.0.1 www.iobit.com 127.0.0.1 www.asc55.iobit.com *Trinity*, 4 minuuttia sitten Raportoi #22 Kiitä viestistä + Lainaa Vastaa ***************** AV: ???? 
(Enabled - Up to date) {FDA918B3-27C7-3B2B-33D0-343EAE5EB318} => The item is protected. Make sure the software is uninstalled and its services is removed. AS: ???? (Enabled - Up to date) {46C8F957-01FD-34A5-0960-0F4CD5D9F9A5} => The item is protected. Make sure the software is uninstalled and its services is removed. "C:\ProgramData\Temp" => ":AB689DEA" ADS not found. "C:\ProgramData\Temp" => ":E1F04E8D" ADS not found. (????????(??)????) C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe => Error: No automatic fix found for this entry. (????????(??)????) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe => Error: No automatic fix found for this entry. (????????(??)????) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe => Error: No automatic fix found for this entry. (????????(??)????) C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe => Error: No automatic fix found for this entry. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\baidusdTray => value Removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\baidusdTray => value could not remove. HKU\S-1-5-21-1612976865-2593797464-2764036050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\apphide => value not found. HKLM\Software\Wow6432Node\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin => key not found. C:\Program Files (x86)\BaiduSd3.0\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll not found. BaiduHips => Unable to stop service. BaiduHips => Service could not remove BDKVRTP => Unable to stop service. BDKVRTP => Service could not remove bd0001 => Unable to stop service. bd0001 => Service could not remove bd0002 => Unable to stop service. bd0002 => Service could not remove bd0003 => Unable to stop service. bd0003 => Service could not remove BDArKit => Unable to stop service. BDArKit => Service could not remove BDDefense => Unable to stop service. 
BDDefense => Service could not remove BDMWrench_x64 => Unable to stop service. BDMWrench_x64 => Service could not remove "C:\Users\Jarppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder move: Could not move "C:\Users\Jarppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" folder => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\BDMWrench_x64.sys" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\BDDefense.sys" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\bd0001.sys" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\bd0002.sys" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\BDArKit.SYS" => Scheduled to move on reboot. Could not move "C:\Windows\system32\Drivers\bd0003.sys" => Scheduled to move on reboot. "C:\Users\Jarppa\AppData\Roaming\4BA6FB90-1433148335-1020-0308-142347000000" => File/Folder not found. "C:\ProgramData\BDSReport" => File/Folder not found. "C:\Program Files (x86)\BaiduSd3.0" folder move: Could not move "C:\Program Files (x86)\BaiduSd3.0" folder => Scheduled to move on reboot. "C:\ProgramData\Baidu" folder move: Could not move "C:\ProgramData\Baidu" folder => Scheduled to move on reboot. "C:\Users\Jarppa\AppData\Roaming\4BA6FB90-1433148298-1020-0308-142347000000" => File/Folder not found. 127.0.0.1 www.iobit.com => Error: No automatic fix found for this entry. 127.0.0.1 www.asc55.iobit.com => Error: No automatic fix found for this entry. *Trinity*, 4 minuuttia sitten => Error: No automatic fix found for this entry. Raportoi => Error: No automatic fix found for this entry. #22 => Error: No automatic fix found for this entry. Kiitä viestistä => Error: No automatic fix found for this entry. + Lainaa => Error: No automatic fix found for this entry. Vastaa => Error: No automatic fix found for this entry.
Sorry about my fumbling with these.
Restart the computer. Tell me what effect that had. FRST apparently could not remove everything because that antivirus is in use. Run JRT and AdwCleaner once more.
Junkware Removal Tool (JRT) by Thisisu Version: 6.8.8 (06.03.2015:1) OS: Windows 7 Home Premium x64 Ran by Jarppa on to 04.06.2015 at 19:07:09,74 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Failed to stop: [Service] baiduhips Failed to stop: [Service] bd0001 Failed to stop: [Service] bd0002 Failed to stop: [Service] bd0003 Failed to stop: [Service] bdarkit Failed to stop: [Service] bdkvrtp Failed to stop: [Service] bdmwrench_x64 ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1B2639A9-EE25-4AE7-A2E3-B308F08125C4} ~~~ Files Successfully deleted: [File] C:\Windows\prefetch\BAIDUHIPSBUGRPT.EXE-7ACFF3B7.pf Successfully deleted: [File] C:\Windows\prefetch\BAIDUHIPSUPDATE.EXE-9B1FE042.pf Successfully deleted: [File] C:\Windows\prefetch\BAIDUSD.EXE-7DD3944B.pf Successfully deleted: [File] C:\Windows\prefetch\BAIDUSDTRAY.EXE-63F54563.pf Successfully deleted: [File] C:\Windows\prefetch\BAIDUSDUPDATE.EXE-BC5CBC32.pf Successfully deleted: [File] C:\Windows\prefetch\BAIDUSDUPROXY64.EXE-FA566AE8.pf ~~~ Folders Failed to delete: [Folder] C:\ProgramData\baidu Successfully deleted: [Folder] C:\Users\Jarppa\AppData\Roaming\baidu ~~~ FireFox Successfully deleted the following from C:\Users\Jarppa\AppData\Roaming\mozilla\firefox\profiles\sadgjijk.default\prefs.js user_pref(plugin.state.npbaidusddetectplug, 0); ~~~ Chrome [C:\Users\Jarppa\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Jarppa\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: 
[C:\Users\Jarppa\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Jarppa\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on to 04.06.2015 at 19:11:17,13 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here are these logs as well. It had no effect; it is still a nuisance on my machine.
You should probably shut down that Baidu process. It seems to have root privileges, so you cannot stop it by normal means. Here is an example of shutting down one process: run the command prompt (cmd.exe) as administrator. Copy these lines one at a time into the command prompt and press Enter:
sc stop "BHipsSvc"
sc config "BHipsSvc" start= disabled
sc delete "BHipsSvc"
Indeed, I wasn't thinking sensibly, dijari. After you have stopped those processes, run the FRST fix again, and after that, just to be sure, JRT and AdwCleaner as well.
Press the Win key and type msconfig in the search field. Start it, and in the services section hide all Microsoft services. Look for Baidu there first; if you find it, stop the service. Then, in msconfig's programs section, untick anything there that refers to Baidu. Then download MBAM from https://www.malwarebytes.org/mwb-download and run it.
Malwarebytes found 2 threats, but I have now managed to remove Baidu. Thanks a lot again for the good advice.
<record severity="debug" LoggingEventType="2" datetime="2015-06-05T11:13:29.288555+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="e3236677-9775-4ba1-89e3-c9d3be1f9019" result="Stopping" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T11:13:29.298555+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="3281871a-013d-4bcb-9dca-1430906dc3b4" result="Stopped" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="4" datetime="2015-06-05T15:40:07.391351+03:00" source="Protection" type="Error" username="SYSTEM" systemname="JARPPA-PC" code="13" last_modified_tag="231571ea-726e-4dc0-9e37-5e4f7b31ea41" message="IsLicensed"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T15:40:07.438151+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="eacf649e-bd5e-4fb9-9577-54c2280d2039" result="Stopping" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T15:40:07.438151+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="4c65bc8f-3236-4c51-b81d-b0562750bc83" result="Stopped" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="4" datetime="2015-06-05T16:16:06.777763+03:00" source="Protection" type="Error" username="SYSTEM" systemname="JARPPA-PC" code="13" last_modified_tag="c31f045e-000c-40b5-bf15-ad49aaddcb5a" message="IsLicensed"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T16:16:06.840163+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="bc2c9c87-4a0b-40e8-b54d-6abbabc2c897" 
result="Stopping" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T16:16:06.840163+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="3ec51f93-dee4-4ee3-809e-2ab6b8e81ff5" result="Stopped" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:00.689453+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="55b6d933-72cf-4e33-ad01-75dbac0dd22b" result="Starting" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:00.732455+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="3dccf75a-0ef6-4693-8685-0446de00a93b" result="Started" subtype="Malware Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:00.754457+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="0a66993c-2b70-47dc-8d74-7530801d0516" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:01.199482+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="70145971-82b9-4d7d-97ab-7b435bc17d27" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="1" datetime="2015-06-05T20:14:03.277601+03:00" source="Manual" type="Update" username="SYSTEM" systemname="JARPPA-PC" fromVersion="2015.3.9.1" last_modified_tag="5f96e8f2-fe7b-41a1-a9cf-940643b3cd2e" name="Remediation Database" toVersion="2015.5.13.1"></record> <record severity="debug" LoggingEventType="1" datetime="2015-06-05T20:14:03.681624+03:00" source="Manual" type="Update" username="SYSTEM" systemname="JARPPA-PC" fromVersion="2015.2.25.1" 
last_modified_tag="322ee4de-6cc5-472b-a378-e682c1dc38ca" name="Rootkit Database" toVersion="2015.6.2.1"></record> <record severity="debug" LoggingEventType="1" datetime="2015-06-05T20:14:07.943868+03:00" source="Manual" type="Update" username="SYSTEM" systemname="JARPPA-PC" fromVersion="2015.3.9.5" last_modified_tag="43c675e9-e0ba-4f2a-8aba-5f23e72c0dbd" name="Malware Database" toVersion="2015.6.5.4"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:08.596905+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="a328de42-6dec-45c5-9fae-665385efd104" result="Starting" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:08.609906+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="4e7b842c-993d-49fd-ac94-5fca8cf3c374" result="Stopping" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:08.669909+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="9990feeb-0642-4fad-a228-331e65e67990" result="Stopped" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:20.455584+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="eb0cbf7a-6e45-4ad7-99f3-d282a5a0d5d5" result="Success" subtype="Refresh"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:20.493586+03:00" source="Protection" type="Protection" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="19688076-7427-40b1-9fed-ee1ab454ba5f" result="Starting" subtype="Malicious Website Protection"></record> <record severity="debug" LoggingEventType="2" datetime="2015-06-05T20:14:20.767601+03:00" source="Protection" type="Protection" username="SYSTEM" 
systemname="JARPPA-PC" last_modified_tag="e91eba23-3d1f-49d0-8afd-dff12a10d991" result="Started" subtype="Malicious Website Protection"></record> <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2015-06-05T20:14:02+03:00" datetime="2015-06-05T20:29:10.006463+03:00" source="Context" type="Scan" username="SYSTEM" systemname="JARPPA-PC" last_modified_tag="e96d1725-0007-411d-9eea-053918ef7284" duration="896" malwaredetections="0" nonmalwaredetections="2" scanresult="completed"></record> </logs> <?xml version="1.0" encoding="UTF-16" ?> <mbam-log> <header> <date>2015/06/05 20:14:02 +0300</date> <logfile>mbam-log-2015-06-05 (20-14-01).xml</logfile> <isadmin>yes</isadmin> </header> <engine> <version>2.01.6.1022</version> <malware-database>v2015.06.05.04</malware-database> <rootkit-database>v2015.06.02.01</rootkit-database> <license>trial</license> <file-protection>enabled</file-protection> <web-protection>enabled</web-protection> <self-protection>disabled</self-protection> </engine> <system> <osversion>Windows 7 Service Pack 1</osversion> <arch>x64</arch> <username>Jarppa</username> <filesys>NTFS</filesys> </system> <summary> <type>threat</type> <result>completed</result> <objects>377625</objects> <time>896</time> <processes>0</processes> <modules>0</modules> <keys>2</keys> <values>0</values> <datas>0</datas> <folders>0</folders> <files>0</files> <sectors>0</sectors> </summary> <options> <memory>enabled</memory> <startup>enabled</startup> <filesystem>enabled</filesystem> <archives>enabled</archives> <rootkits>disabled</rootkits> <deeprootkit>disabled</deeprootkit> <heuristics>enabled</heuristics> <pup>enabled</pup> <pum>enabled</pum> </options> <items> <key><path>HKU\S-1-5-21-1612976865-2593797464-2764036050-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}</path><vendor>PUP.Optional.Multiplug</vendor><action>success</action><hash>de9b81c22367f64008c9d545f80b7d83</hash></key> 
<key><path>HKU\S-1-5-21-1612976865-2593797464-2764036050-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}</path><vendor>PUP.Optional.Multiplug</vendor><action>success</action><hash>de9b81c22367f64008c9d545f80b7d83</hash></key> </items> </mbam-log>