Ongelma Ongelmana Baidu (HjT)

dremota · 10.04.2015

Koneeseen päätti iskeä jokin tauti, joka toi mukanaan mm. 400 epäilyttävää haittaa ja yhden troijalaisen. Sain poistettua troijan ja 340 haittaa, sekä sain estettyä konetta asentamasta itsenäisesti toistakymmentä tiedostoa. Nyt kone toimii suhtkoht normaalisti, mutta tähän on pesiytynyt Baidu-niminen ohjelma, joka ei tunnu lähtevän pois niin millään.

Olen poistanut HjT:lla kahdesti kaikki silmääni sattuneet Baidut, mutta yhäkin ne siellä kummittelee. Tarttisin asiantuntevampaa apua! Jokin istartsurf tahtoo myös uusia itsensä poistoista huolimatta.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:26:47, on 10.4.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
CHROME: 41.0.2272.118
FIREFOX: 37.0.1 (x86 fi)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTClient.exe
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\System32\skydrive.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\dremota\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\XTab\SupTab.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ap] C:\Program Files\Application Assistance\ap.exe
O4 - HKLM\..\Run: [baidusdTray] "C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" -stmd=3
O4 - HKLM\..\Run: [BaiduAnTray] "C:\Program Files\Baidu\BaiduAn\4.0.0.5166\BaiduAnTray.exe" -stmd=3
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\dremota\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart
O10 - Unknown file in Winsock LSP: c:\windows\system32\ccl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ccl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ccl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ccl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\ccl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\AppReadiness.dll,-1000 (AppReadiness) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\appxdeploymentserver.dll,-1 (AppXSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: BaiduHips - ????????(??)???? - C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: BDKVRTP Service (BDKVRTP) - ????????(??)???? - C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
O23 - Service: BDMRTP Service (BDMRTP) - ????????(??)???? - C:\Program Files\Baidu\BaiduAn\4.0.0.5166\BaiduAnSvc.exe
O23 - Service: BDSGRTP Service (BDSGRTP) - ????????(??)???? - C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.622\BaiduProtect.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%windir%\system32\bisrv.dll,-100 (BrokerInfrastructure) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service;gadgetDataDir=C:\ProgramData\BlueStacks\UserData\Gadget" (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\System32\BthHFSrv.dll,-103 (BthHFSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: CCL - Unknown owner - C:\Program Files\IGS\CCL.exe (file missing)
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @combase.dll,-5012 (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\das.dll,-100 (DeviceAssociationService) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (DeviceInstall) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\DeviceSetupManager.dll,-1000 (DsmSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (EventLog) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fhsvc.dll,-101 (fhsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: globalUpdate Update Service (globalUpdate1d0739e21192d9f) (globalUpdate1d0739e21192d9f) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: globalUpdate Update Service (globalUpdatem1d0739e211df236) (globalUpdatem1d0739e211df236) - globalUpdate - C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Google Päivitä-palvelu (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Päivitä-palvelu (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Home Page Shadow (kipilyqy) - Unknown owner - C:\Users\dremota\AppData\Roaming\03000200-1428671283-0500-0006-000700080009\jnsq15CF.tmp
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\GeofenceMonitorService.dll,-1 (lfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\lsm.dll,-1001 (LSM) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ncasvc.dll,-3009 (NcaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ncbservice.dll,-500 (NcbService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\NcdAutoSetup.dll,-100 (NcdAutoSetup) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofmsvc.dll,-202 (netprofm) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-200 (PlugPlay) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @C:\Windows\system32\spool\drivers\W32X86\3\PrintConfig.dll,-1 (PrintNotify) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe
O23 - Service: @combase.dll,-5010 (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ScDeviceEnum.dll,-100 (ScDeviceEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\System32\smphost.dll,-102 (smphost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\StorSvc.dll,-100 (StorSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\svsvc.dll,-101 (svsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\SystemEventsBrokerServer.dll,-1001 (SystemEventsBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%windir%\system32\TimeBrokerServer.dll,-1001 (TimeBroker) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\WINDOWS\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-801 (vmicguestinterface) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-101 (vmicheartbeat) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-201 (vmickvpexchange) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-601 (vmicrdv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-301 (vmicshutdown) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-401 (vmictimesync) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vmicres.dll,-501 (vmicvss) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wcmsvc.dll,-4097 (Wcmsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wephostsvc.dll,-100 (WEPHOSTSVC) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiarpc.dll,-2 (WiaRpc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (WlanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wlidsvc.dll,-100 (wlidsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%systemroot%\system32\workfolderssvc.dll,-102 (workfolderssvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe
O23 - Service: @%SystemRoot%\system32\WSService.dll,-103 (WSService) - Unknown owner - C:\WINDOWS\System32\svchost.exe
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe
O23 - Service: Play Hard Drive (xecujepe) - Unknown owner - C:\Users\dremota\AppData\Roaming\03000200-1428671283-0500-0006-000700080009\nsiE7A5.tmpfs

--
End of file - 23771 bytes
Laajenna...

Näemmä haittaakin on tullut muutama kappale lisää... Malwarebytes Antimalwaresin loki sanoo:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10.4.2015
Scan Time: 18:32:15
Logfile: qwe.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.04.10.05
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x86
File System: NTFS
User: dremota

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397066
Time Elapsed: 7 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.SupTab.A, C:\Program Files\XTab\SupTab.dll, , [09e4e08aec9e0b2b5d1ee35445bb3ac6],

Registry Keys: 45
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [09e4e08aec9e0b2b5d1ee35445bb3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [09e4e08aec9e0b2b5d1ee35445bb3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [09e4e08aec9e0b2b5d1ee35445bb3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [09e4e08aec9e0b2b5d1ee35445bb3ac6],
PUP.Optional.SupTab.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [09e4e08aec9e0b2b5d1ee35445bb3ac6],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\INPROCSERVER32, , [09e4e08aec9e0b2b5d1ee35445bb3ac6],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, , [9f4e2f3b0684eb4b68f945872fd4d62a],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\istartsurfSoftware, , [4f9e2f3b2664d56183932eb563a0956b],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, , [618c76f4eaa085b18a6b5692946f6997],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [d815de8ce6a4f93dc4a500c53bc8a25e],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [7479e08a90fa0036acbc3491996aaf51],
PUP.Optional.VoPackage.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, , [33baaac01575e74f8b89dc766f96748c],
PUP.Optional.Vosteran, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [b439b5b54b3f1521df9dc21202013ac6],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [925b0f5b12789c9a0363cff609fae31d],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, , [9657fa70434769cd9dc1d86d897c49b7],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, , [23ca2743ef9b50e6a3bc67de60a5ce32],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, , [69841357a1e9ff37a7d5647d05feff01],
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\TUTORIALS, , [aa43adbdf397a1954cbdaba4cd38f60a],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaPlus-3.2cV10.04-nv, , [de0fb6b499f11f174de3399aed167c84],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaPlus-3.2cV10.04-nv-ie, , [9954c9a1b1d987afd759ffd40cf76898],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CinemaPlus-3.2cV10.04-nv-ie, , [7578d9914f3b3bfbe947a52e2ed5fb05],
PUP.Optional.Crossbrowse.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Crossbrowse, , [9c519fcb6228b1853f665c6060a3ae52],
PUP.Optional.TNT.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TNT2, , [65883535305a44f282be54736d96a759],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [0ce1d5955b2ff244e29790a7b1549868],
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, , [e409bcae16740c2a333c922a1ee50ef2],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [905db5b5b0dabc7ac5d9ac1515ee7b85],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [17d6bbafd9b1b77fe2bd408113f0a55b],
PUP.Optional.Linkey.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [1fcee783aae0af87ccd4aa175ba802fe],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [feefd5950d7d2d09ced3b50ced16f709],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [39b44327602aae888919d8e9897a52ae],
PUP.Optional.IStart.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, , [8d60c9a166245dd90933f8ca47bc6b95],
PUP.Optional.Wajam.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, , [c825c7a3622840f6fa6d6263847f41bf],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdate1d0739e21192d9f, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\globalUpdatem1d0739e211df236, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.OneClickCtrl.10, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5645E0E7-FC12-43BF-A6E4-F9751942B298}, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\globalUpdate.Update3WebControl.4, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\CLASSES\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}, , [8d6078f2f496fe38fb8b5448a75c9a66],

Registry Values: 8
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, , [618c76f4eaa085b18a6b5692946f6997]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_fi_119, , [ea03284286048caa60ab933e0ff4ff01],
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\dremota\AppData\Roaming\Mozilla\Firefox\Profiles\dtwqeyfo.default\extensions\searchengine@gmail.com, , [c4292446dab0d6606e9975dac14440c0]
PUP.Optional.IStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\dremota\AppData\Roaming\Mozilla\Firefox\Profiles\dtwqeyfo.default\extensions\istart_ffnt@gmail.com, , [eeffed7ddeac092d730d59682dd62dd3]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, face, , [69841357a1e9ff37a7d5647d05feff01]
PUP.Optional.Tuto4Pc.A, HKLM\SOFTWARE\TUTORIALS|HostGUID, 98852BF9-925E-4ACC-987F-C8A8E13D19E7, , [aa43adbdf397a1954cbdaba4cd38f60a]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, , [e409bcae16740c2a333c922a1ee50ef2]
PUP.Optional.IStart.A, HKU\S-1-5-21-3891368836-3606624722-3275150860-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, istart_ffnt@gmail.com, , [8d60c9a166245dd90933f8ca47bc6b95]

Registry Data: 0
(No malicious items detected)

Folders: 45
PUP.Optional.Supporter.A, C:\Program Files\Supporter, , [35b85218296164d24fa2c107eb1847b9],
PUP.Optional.XTab.A, C:\Program Files\XTab, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\image, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [2cc15c0e62286dc9b69f3c5f40c323dd],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [2cc15c0e62286dc9b69f3c5f40c323dd],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Download, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Install, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\Offline\{E2D563D9-68B7-4228-A6E0-4A9F91BBF345}, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.MBot.A, C:\Program Files\mbot_fi_156, , [36b7aac02a6087af6d918f10ee15f808],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\code, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [7875a5c52c5e979f3bb1a01159aafc04],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [7875a5c52c5e979f3bb1a01159aafc04],
PUP.Optional.LuckySearches.A, C:\Users\dremota\AppData\Roaming\luckysearches, , [47a6abbf7119191dba2f5a5da36057a9],
PUP.Optional.LuckySearches.A, C:\Users\dremota\AppData\Roaming\luckysearches\images, , [47a6abbf7119191dba2f5a5da36057a9],
PUP.Optional.LuckySearches.A, C:\Users\dremota\AppData\Roaming\luckysearches\images\code, , [47a6abbf7119191dba2f5a5da36057a9],

Files: 132
PUP.Optional.SupTab.A, C:\Program Files\XTab\SupTab.dll, , [09e4e08aec9e0b2b5d1ee35445bb3ac6],
PUP.Optional.CrossRider.A, C:\Users\dremota\AppData\Roaming\XCSYHHL.exe, , [9f4eef7bf3973006559c8aa70bfb44bc],
PUP.Optional.CrossRider.A, C:\Users\dremota\AppData\Roaming\DYIL.exe, , [de0f1159d1b9b482935e47ea16f007f9],
PUP.Optional.BrowserWatch, C:\Program Files\XTab\BrowerWatchCH.dll, , [5c9183e797f3a195297f46299070e41c],
PUP.Optional.BrowserWatch, C:\Program Files\XTab\BrowerWatchFF.dll, , [0ae35515810945f10a9e501f9868cc34],
PUP.Optional.SearchProtect, C:\Program Files\XTab\BrowserAction.dll, , [d01d90dadcae90a6ac1b45fe38caa957],
PUP.Optional.SearchProtect, C:\Program Files\XTab\CmdShell.exe, , [eb02caa01278df57097fe110010450b0],
PUP.Optional.ELEX, C:\Program Files\XTab\HPNotify.exe, , [0edfc2a869218babb8795bd954aed927],
PUP.Optional.SearchProtect, C:\Program Files\XTab\IeWatchDog.dll, , [a24bdd8d90fadc5afb8cc1308382d42c],
PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, , [6a8372f849415dd907303cd757ab08f8],
PUP.Optional.CrossRider, C:\Users\dremota\AppData\Local\Temp\2259.exe, , [01ecbeac6f1b320428fb5de68979d12f],
PUP.Optional.CrossRider, C:\Users\dremota\AppData\Local\Temp\8710.exe, , [77762347602a191db8ba15cefe0360a0],
PUP.Optional.CrossRider, C:\Users\dremota\AppData\Local\Temp\8938.exe, , [be2f01690882b086531f707333ced828],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Local\Temp\nsm4D4C.tmp, , [65885515840651e583bebd7cc14511ef],
PUP.Optional.OfferInstaller.C, C:\Users\dremota\AppData\Local\Temp\f9626892-7a78-3199-abd2-97bbce96297b\OfferInstaller.exe, , [d815e78348429c9a13d744f62ed4659b],
PUP.Optional.Supporter.A, C:\Program Files\Supporter\Supporter.dll, , [35b85218296164d24fa2c107eb1847b9],
PUP.Optional.ABEngine.A, C:\Windows\Temp\abengine.log, , [c825e684e1a94ee89266e5e3ff0434cc],
PUP.Optional.XTab.A, C:\Program Files\XTab\uninstall.exe, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\conf, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1028.xpi, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\install.data, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\searchProvider.xml, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\SupTab_Bak.dll, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about_bk.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn_apply.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\close.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf.xml, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf_back.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\input_bk.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\logo.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\main.xml, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_1.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_2.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\rigth_arrow.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\settings.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\data.html, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE.html, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE8.html, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\main.css, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\ver.txt, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\google_trends.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon128.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon16.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon48.png, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\loading.gif, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\logo32.ico, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\common.js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ga.js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery-1.11.0.min.js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery.autocomplete.js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\js.js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\library.js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit-ie8.js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit2.0.js, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW\messages.json, , [43aaf575523867cf80e229a3e221f10f],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job, , [13dac1a9afdbbc7aa5ba82c10203dd23],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore, , [1cd152187c0ef4420c54d37040c58c74],
PUP.Optional.GlobalUpdate.A, C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job, , [eb022644682251e5b9a86dd6d72ec33d],
PUP.Optional.GlobalUpdate.A, C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA, , [846942281f6b3402c59d1c27ae573ac6],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [2cc15c0e62286dc9b69f3c5f40c323dd],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleCrashHandler.exe, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdate.exe, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateBroker.exe, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateOnDemand.exe, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdate.dll, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\goopdateres_en.dll, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psmachine.dll, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.T, C:\Program Files\globalUpdate\Update\1.3.25.0\psuser.dll, , [8d6078f2f496fe38fb8b5448a75c9a66],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\GoogleCrashHandler.exe, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\GoogleUpdate.exe, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\GoogleUpdateBroker.exe, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\GoogleUpdateHelper.msi, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\GoogleUpdateOnDemand.exe, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\goopdate.dll, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\goopdateres_en.dll, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\npGoogleUpdate4.dll, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\psmachine.dll, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.GlobalUpdate.A, C:\Users\dremota\AppData\Local\Temp\comh.487018\psuser.dll, , [836a91d997f382b4abf449531de6f40c],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\478.json, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\MessageBox.xml, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\uninstallDlg2.xml, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\bg.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\bg1.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\bk_shadow.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\button.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\button1.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\checkbox.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\checkbox_select.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\checked.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\close.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\loading_bg.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\loading_light.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\min.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\scrollbar.bmp, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\Thumbs.db, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\unchecked.png, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\code\code1.jpg, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\code\code2.jpg, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\code\code3.jpg, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\code\code4.jpg, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\code\code5.jpg, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\code\code6.jpg, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\istartsurf\images\code\Thumbs.db, , [a64755151179ec4a08f80e92e023dd23],
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ( "homepage" : "http://www.istartsurf.com/?type=hp&...uid=WDCXWD10EARX-00N0YB0_WD-WCC0S066255762557",), ,[42ab1159018963d37cc39e9f25e14db3]
PUP.Optional.IStartSurf.A, C:\Users\dremota\AppData\Roaming\Mozilla\Firefox\Profiles\dtwqeyfo.default\prefs.js, Good: (), Bad: (user_pref("browser.search.selectedEngine", "istartsurf"), ,[599433371872d363bd1ebb7f020433cd]
PUP.Optional.QuickStart.A, C:\Users\dremota\AppData\Roaming\Mozilla\Firefox\Profiles\dtwqeyfo.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"), ,[df0e096122682f070e10c27bc3436b95]
PUP.Optional.CrossRider.A, C:\Users\dremota\AppData\Roaming\Mozilla\Firefox\Profiles\dtwqeyfo.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "14ca3df4541217a1ea9e262c174bac02"), ,[5895b3b7563440f6b590df5f53b38080]

Physical Sectors: 0
(No malicious items detected)
(end)

Laajenna...

AfterDawn

JoniS · 10.04.2015

ensi alkuun aja "custom scan" kaikki kiintolevyt valittuna malwarebytesillä, tuo threat scan käy läpi vain murto-osan tiedostoista.

IlmoPJ · 10.04.2015

Malwarebytes Anti-Malwaren jälkeen aja vielä AdwCleaner, sillä poistat selainkaapparit ja muut ei toivotut tunkeilijat.
http://www.bleepingcomputer.com/download/adwcleaner/

Suorita ensin "Scan" ja sitten "Cleaning", kone käynnistyy uudelleen ja suorittaa poiston.

dremota · 10.04.2015

Kiitos teille! AdwCleaner antoi seuraavanlaisen lokin:

# AdwCleaner v4.201 - Logfile created 10/04/2015 at 20:11:17
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8.1 (x86)
# Username : dremota - SVEN
# Running from : C:\Users\dremota\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : bd0003
[#] Service Deleted : bd0004
[#] Service Deleted : BDArKit
[#] Service Deleted : BDMWrench
[#] Service Deleted : BDSafeBrowser
[#] Service Deleted : BDFileDefend

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
[!] Folder Deleted : C:\Program Files\baidu
Folder Deleted : C:\Program Files\globalUpdate
Folder Deleted : C:\Program Files\predm
Folder Deleted : C:\Program Files\supporter
Folder Deleted : C:\Program Files\XTab
Folder Deleted : C:\Program Files\igs
Folder Deleted : C:\Program Files\PRiCeLeSs
Folder Deleted : C:\Program Files\gmsd_fi_119
[!] Folder Deleted : C:\Program Files\Common Files\baidu
Folder Deleted : C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\baidu
Folder Deleted : C:\WINDOWS\system32\config\systemprofile\AppData\Local\StormWatch
Folder Deleted : C:\WINDOWS\system32\config\systemprofile\AppData\Local\abengine
Folder Deleted : C:\Users\dremota\AppData\Local\globalUpdate
Folder Deleted : C:\Users\dremota\AppData\Local\gmsd_fi_119
Folder Deleted : C:\Users\dremota\AppData\Roaming\baidu
Folder Deleted : C:\Users\dremota\AppData\Roaming\istartsurf
Folder Deleted : C:\Users\dremota\AppData\Roaming\ASPackage
Folder Deleted : C:\Users\dremota\AppData\Roaming\luckysearches
Folder Deleted : C:\Users\dremota\AppData\Roaming\Mozilla\Firefox\Profiles\dtwqeyfo.default\Extensions\searchengine@gmail.com
Folder Deleted : C:\Users\dremota\AppData\Roaming\Mozilla\Firefox\Profiles\dtwqeyfo.default\Extensions\istart_ffnt@gmail.com
File Deleted : C:\END
File Deleted : C:\Users\dremota\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\dremota\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\dremota\AppData\Roaming\Mozilla\Firefox\Profiles\dtwqeyfo.default\invalidprefs.js

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\dremota\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\dremota\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\BDDownloadProxy.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BDShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BDSWShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKLM\SOFTWARE\Classes\BDSWShellExt.BDSWShellExtMenu
Key Deleted : HKLM\SOFTWARE\Classes\BDSWShellExt.BDSWShellExtMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ABDSWShellExt
Key Deleted : HKLM\SOFTWARE\0c374d13-9e34-9189-7916-00a4006f620c
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{40030ae4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A8B81847-1462-4756-9D4A-F506BC5361CD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11292110-6F8D-4D56-863C-44902A1E7880}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9FC9D48D-C233-4FAB-99C1-46CE5A3AD105}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{70891BDB-3BE3-45A9-96B6-184ABA962091}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6137A08F-29B1-4E48-B6A1-70CC3ABF50F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{15DEE173-1BE9-4424-81E0-58A87076E9B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3E4B6E7E-AB28-48B2-A6FD-65869DE2E009}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\IGS
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\????
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\????
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\igsc
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v37.0.1 (x86 fi)

[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "istartsurf");
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "istartsurf");
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1428681167&from=face&uid=WDCXWD10EARX-00N0YB0_WD-WCC0S066255762557&q={searchTerms}");
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("extensions.C1Augv1HOJADt24P.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjaFqTnGrHn7rdY5pdsHpja4rjY\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\[...]
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "istart_ffnt%40gmail.com:5.3.7,searchengine%40gmail.com:1.0.0.1027,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1");
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[dtwqeyfo.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"istart_ffnt@gmail.com\":{\"d\":\"C:\\\\Users\\\\dremota\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\dtwqeyfo.default\\\\extensions\[...]

-\\ Google Chrome v

[C:\Users\dremota\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1428677626&from=face&uid=WDCXWD10EARX-00N0YB0_WD-WCC0S066255762557&q={searchTerms}
[C:\Users\dremota\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.istartsurf.com/?type=hp&ts=1428681167&from=face&uid=WDCXWD10EARX-00N0YB0_WD-WCC0S066255762557

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [12645 bytes] - [10/04/2015 20:09:21]
AdwCleaner[S0].txt - [12795 bytes] - [10/04/2015 20:11:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12855 bytes] ##########

Laajenna...

Mutta tuo perhanan Baidu ei ole vieläkään poistunut.

1pertti · 10.04.2015

Eikö Baidu lähde omalla uninstall-sovelluksellaan? Start -> Ohjauspaneeli -> Ohjelmat -> Ohjelmat ja toiminnot
Etsi Baidu, kaksoisklikkaa sitä. Klikkaa ‘I want to uninstall Baidu Antivirus’ ja lopuksi klikkaa ‘Uninstall’.
http://antivirus.baidu.com/en/faq.PHP

Edit:

JoniS sanoi: ↑

ensi alkuun aja "custom scan" kaikki kiintolevyt valittuna malwarebytesillä, tuo threat scan käy läpi vain murto-osan tiedostoista.
Laajenna...

Tuo ei aivan tarkkaan ottaen pidä paikkaansa. Threat Scan eli Uhka Scan käy kyllä läpi koko järjestelmälevyn aivan yhtä tarkasti kuin Custom Scan. Custom Scanilla voi kuitenkin tarkistaa myös muut kovalevyt kuin C-aseman.

dremota · 10.04.2015

Ei lähtenyt, oli onnellisesti koko roska kiinaksi

Mutta päädyin lopulta palauttamaan koneen. Nyt kaikki on taas reilassa.

djjari · 04.06.2015

itsellä kans sama ongelma,enkä saa sitä millään pois,se haittaohjelma oli päässyt tunkeutuun virranhallinta asetuksiin

näyttö sammui ihan eri aikaan,kun normaalisti,olisko jotain ehdotuksia jollain miten sen saan pois,ennenkun alan miettimään windowsin asentamista uudestaan

Yrjana · 28.07.2015

IlmoPJ sanoi: ↑

Malwarebytes Anti-Malwaren jälkeen aja vielä AdwCleaner, sillä poistat selainkaapparit ja muut ei toivotut tunkeilijat.
http://www.bleepingcomputer.com/download/adwcleaner/

Suorita ensin "Scan" ja sitten "Cleaning", kone käynnistyy uudelleen ja suorittaa poiston.
Laajenna...

Oli vähän vastaava tilanne päällä kuin tämän ketjun aloittajalla, 10v poikani omilla tunnuksillaan onnistui asentamaan jollain ihmeen tavalla tuo crossbrowserin järjestelmänlaajuisesti eli kaikille käyttäjille, myös admin-tunnukselle. Malwarebytes Anti-Malware poisti crossbrowserin ja kaikki mukana tulleet muutkin pöpöt. AdwCleaner sen jälkeen tosin sammui skannauksessa, mutta vaikuttaa että ilmankin puhdistui. Kiitos IlmoPJ vinkistä.

verovanki · 28.07.2015

Baidun versiosta riippuen se baidun prosessi pitää sulkea ensin tehtävienhallinnan kautta, vasta sitten adwcleaner pystyy poistamaan baidun.
combofix lähtee kýllä ilman tehävienhallinnan avaamista:
http://www.bleepingcomputer.com/download/combofix/
Lokalisoitu suomeksi helppoa käyttää.

Kirjaudu tai liity jäseneksi

Ongelma Ongelmana Baidu (HjT)

dremota Newbie

JoniS Active member

IlmoPJ Moderator Ylläpitäjä

dremota Newbie

1pertti Senior member

dremota Newbie

djjari Active member

Yrjana Member

verovanki Regular member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

Ongelma Ongelmana Baidu (HjT)

dremota Newbie

JoniS Active member

IlmoPJ Moderator Ylläpitäjä

dremota Newbie

1pertti Senior member

dremota Newbie

djjari Active member

Yrjana Member

verovanki Regular member

Jaa tämä sivu

Hyödyllisiä hakuja