
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Please check my log (pop-up ads)
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hi. I'd like to ask for help solving a problem. With every click on the web I keep getting flooded with lots of ads and pop-up windows, I get redirected to other websites, etc.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Administrator (administrator) on WINXP64 (19-02-2016 18:29:12)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 6 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> explorer.exe
Failed to access process -> rundll32.exe
Failed to access process -> egui.exe
Failed to access process -> utorrent.exe
Failed to access process -> ZPSTray.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> nvsvc64.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> svchost.exe
Failed to access process -> TuneUpUtilitiesService64.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> TuneUpUtilitiesApp64.exe
Failed to access process -> wscntfy.exe
Failed to access process -> opera.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> FRST64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19573352 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-09-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [481720 2012-04-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2015-02-16] (ABBYY Production LLC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [RatioFaker] => C:\Program Files (x86)\Ratio Faker\RatioFaker.exe [176640 2009-03-29] ()
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\utorrent.exe [289584 2009-11-25] (BitTorrent, Inc.)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10505728 2007-02-17] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8359936 2007-02-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=14240 ... XX9VS47ZW7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=i ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2007-02-18] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-13] [not signed]
FF HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2015-02-16] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Uploads Only for Youtube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajdnlgehefnmaiighnbaibekhdfhnipd [2015-05-14] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-22]
CHR Extension: (Google Webspam Report) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2015-03-15] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-12-26]
CHR Extension: (Taskforce) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc [2015-02-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (VK Switcher) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfojgmgodcgmjoiokklgmailddgolmda [2015-04-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Send to OmniFocus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohdhaodomnlifoigpfcbjpcegdbefnen [2015-04-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
S4 TosIde; no ImagePath
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S4 ultra; no ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 ay34etf2; C:\Windows\System32\Drivers\ay34etf2.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 18:25 - 2016-02-19 18:29 - 00036624 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 18:29 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2016-02-19 14:43 - 2016-02-19 14:43 - 00000454 _____ C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\83f214aa
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-1}
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-0}
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{0fdb1fe0-712c-0}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 18:29 - 2010-12-01 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 18:27 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 17:46 - 2014-10-28 17:29 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 17:27 - 2015-12-14 00:24 - 00000532 _____ C:\WINDOWS\Tasks\RocketTab.job
2016-02-19 17:27 - 2014-10-28 17:29 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 17:27 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 17:25 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 17:25 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 17:25 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-10 23:49 - 2014-10-28 17:31 - 00002080 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
==================== Files in the root of some directories =======
2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
Files to move or delete:
====================
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\KMP_3.2.0.0.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
ATTENTION: ==> Could not access BCD.
==================== End of FRST.txt ============================
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (VK Switcher) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfojgmgodcgmjoiokklgmailddgolmda [2015-04-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Send to OmniFocus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohdhaodomnlifoigpfcbjpcegdbefnen [2015-04-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
S4 TosIde; no ImagePath
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S4 ultra; no ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 ay34etf2; C:\Windows\System32\Drivers\ay34etf2.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 18:25 - 2016-02-19 18:29 - 00036624 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 18:29 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2016-02-19 14:43 - 2016-02-19 14:43 - 00000454 _____ C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\83f214aa
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-1}
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-0}
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{0fdb1fe0-712c-0}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 18:29 - 2010-12-01 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 18:27 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 17:46 - 2014-10-28 17:29 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 17:27 - 2015-12-14 00:24 - 00000532 _____ C:\WINDOWS\Tasks\RocketTab.job
2016-02-19 17:27 - 2014-10-28 17:29 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 17:27 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 17:25 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 17:25 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 17:25 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-10 23:49 - 2014-10-28 17:31 - 00002080 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
==================== Files in the root of some directories =======
2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
Files to move or delete:
====================
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\KMP_3.2.0.0.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
ATTENTION: ==> Could not access BCD.
==================== End of FRST.txt ============================
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (pop-up ads)
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check my log (pop-up ads)
# AdwCleaner v5.035 - Logfile created 19/02/2016 at 19:17:27
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Microsoft Windows XP Service Pack 2 (x64)
# Username : Administrator - WINXP64
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_5.035.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AskSearch
[-] Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Techgile
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\BabSolution
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\dvdvideosoftiehelpers
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\mystartsearch
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\extensions\staged
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\extensions\Extensions\{b64d9b05-48e1-4ceb-bf58-e0643994e900}
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\UpdateAdmin
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajdnlgehefnmaiighnbaibekhdfhnipd
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfojgmgodcgmjoiokklgmailddgolmda
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohdhaodomnlifoigpfcbjpcegdbefnen
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\11874827355510398443
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\a4cbdc907649ddeb
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\AlliChieoaaPPricee
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\CouupEextensIonn
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{0fdb1fe0-712c-0}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-0}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-1}
[-] Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\UpdateAdmin
[-] Folder Deleted : C:\Program Files (x86)\OLBPre
[-] Folder Deleted : C:\Program Files (x86)\Search Extensions
***** [ Files ] *****
[-] File Deleted : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
[-] File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\extensions\user.js
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajdnlgehefnmaiighnbaibekhdfhnipd_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajdnlgehefnmaiighnbaibekhdfhnipd_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efinmbicabejjhjafeidhfbojhnfiepj_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efinmbicabejjhjafeidhfbojhnfiepj_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdbfnafnalfjconpgenohfidcaeibkoc_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdbfnafnalfjconpgenohfidcaeibkoc_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfojgmgodcgmjoiokklgmailddgolmda_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfojgmgodcgmjoiokklgmailddgolmda_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ohdhaodomnlifoigpfcbjpcegdbefnen_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ohdhaodomnlifoigpfcbjpcegdbefnen_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
***** [ DLLs ] *****
[!] File Not Restored : C:\WINDOWS\SysNative\dnsapi.dll
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (32-bit).lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
***** [ Scheduled tasks ] *****
[-] Task Deleted : RocketTab
[-] Task Deleted : UpdateAdmin
[-] Task Deleted : RocketTab
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\8a3fbc9f-5084-9b21-1d52-56ab4a3a3d14
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95289393-33EA-4F8D-B952-483415B9C955}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{95289393-33EA-4F8D-B952-483415B9C955}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKCU\Software\BabylonToolbar
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\simplytech
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B138259A-351E-33FA-2726-8D71704F1DA9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E957849A-94AC-6F46-4623-C31474E3C170}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mystartsearch uninstall
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741} [NameServer]
***** [ Web browsers ] *****
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.mystartsearch.com/webfavicon.ico
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ajdnlgehefnmaiighnbaibekhdfhnipd
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : efinmbicabejjhjafeidhfbojhnfiepj
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gdbfnafnalfjconpgenohfidcaeibkoc
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lfojgmgodcgmjoiokklgmailddgolmda
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ohdhaodomnlifoigpfcbjpcegdbefnen
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [14101 bytes] ##########
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (pop-up ads)
Post a new FRST log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: Please check my log (pop-up ads)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Administrator (administrator) on WINXP64 (19-02-2016 19:29:17)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 6 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> explorer.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> rundll32.exe
Failed to access process -> egui.exe
Failed to access process -> utorrent.exe
Failed to access process -> ZPSTray.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> opera.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> nvsvc64.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> svchost.exe
Failed to access process -> TuneUpUtilitiesService64.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> wscntfy.exe
Failed to access process -> TuneUpUtilitiesApp64.exe
Failed to access process -> alg.exe
Failed to access process -> FRST64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19573352 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-09-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [481720 2012-04-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2015-02-16] (ABBYY Production LLC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [RatioFaker] => C:\Program Files (x86)\Ratio Faker\RatioFaker.exe [176640 2009-03-29] ()
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\utorrent.exe [289584 2009-11-25] (BitTorrent, Inc.)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10505728 2007-02-17] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8359936 2007-02-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=i ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2007-02-18] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-13] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
S4 TosIde; no ImagePath
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S4 ultra; no ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 acz8k8ts; C:\Windows\System32\Drivers\acz8k8ts.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\rsit
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\Program Files\trend micro
2016-02-19 19:26 - 2016-02-19 19:26 - 01222144 _____ C:\Documents and Settings\Administrator\Desktop\RSITx64.exe
2016-02-19 19:15 - 2016-02-19 19:17 - 00000000 ____D C:\AdwCleaner
2016-02-19 18:41 - 2016-02-19 18:41 - 01511424 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner_5.035.exe
2016-02-19 18:29 - 2016-02-19 18:29 - 00026790 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-02-19 18:25 - 2016-02-19 19:29 - 00033578 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 19:29 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2016-02-19 14:43 - 2016-02-19 14:43 - 00000454 _____ C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\83f214aa
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 19:29 - 2010-12-01 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 19:21 - 2014-10-28 17:29 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 19:21 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 19:19 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 19:19 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 19:19 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 19:17 - 2014-10-28 17:31 - 00000859 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:17 - 2011-01-28 21:33 - 00000601 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (32-bit).lnk
2016-02-19 18:46 - 2014-10-28 17:29 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 18:43 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
==================== Files in the root of some directories =======
2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
Files to move or delete:
====================
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\KMP_3.2.0.0.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
ATTENTION: ==> Could not access BCD.
==================== End of FRST.txt ============================
Ran by Administrator (administrator) on WINXP64 (19-02-2016 19:29:17)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 6 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> explorer.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> rundll32.exe
Failed to access process -> egui.exe
Failed to access process -> utorrent.exe
Failed to access process -> ZPSTray.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> opera.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> nvsvc64.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> svchost.exe
Failed to access process -> TuneUpUtilitiesService64.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> wscntfy.exe
Failed to access process -> TuneUpUtilitiesApp64.exe
Failed to access process -> alg.exe
Failed to access process -> FRST64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19573352 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-09-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [481720 2012-04-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2015-02-16] (ABBYY Production LLC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [RatioFaker] => C:\Program Files (x86)\Ratio Faker\RatioFaker.exe [176640 2009-03-29] ()
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\utorrent.exe [289584 2009-11-25] (BitTorrent, Inc.)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10505728 2007-02-17] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8359936 2007-02-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=i ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2007-02-18] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-13] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
S4 TosIde; no ImagePath
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S4 ultra; no ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 acz8k8ts; C:\Windows\System32\Drivers\acz8k8ts.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\rsit
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\Program Files\trend micro
2016-02-19 19:26 - 2016-02-19 19:26 - 01222144 _____ C:\Documents and Settings\Administrator\Desktop\RSITx64.exe
2016-02-19 19:15 - 2016-02-19 19:17 - 00000000 ____D C:\AdwCleaner
2016-02-19 18:41 - 2016-02-19 18:41 - 01511424 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner_5.035.exe
2016-02-19 18:29 - 2016-02-19 18:29 - 00026790 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-02-19 18:25 - 2016-02-19 19:29 - 00033578 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 19:29 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2016-02-19 14:43 - 2016-02-19 14:43 - 00000454 _____ C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\83f214aa
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 19:29 - 2010-12-01 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 19:21 - 2014-10-28 17:29 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 19:21 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 19:19 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 19:19 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 19:19 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 19:17 - 2014-10-28 17:31 - 00000859 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:17 - 2011-01-28 21:33 - 00000601 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (32-bit).lnk
2016-02-19 18:46 - 2014-10-28 17:29 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 18:43 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
==================== Files in the root of some directories =======
2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
Files to move or delete:
====================
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\KMP_3.2.0.0.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
ATTENTION: ==> Could not access BCD.
==================== End of FRST.txt ============================
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (pop-up ads)
Open Notepad and copy the following into it:
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here. Your operating system is unsecured; Service Pack 3 is missing. I am also afraid that it is damaged.
Start
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/ch ... pdates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S4 Abiosdsk; no ImagePath
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dpti2o; no ImagePath
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
S4 IntelIde; no ImagePath
S4 mraid35x; no ImagePath
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
S4 Simbad; no ImagePath
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
U3 acz8k8ts; C:\Windows\System32\Drivers\acz8k8ts.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
C:\Documents and Settings\All Users\Application Data\83f214aa
C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
End
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log (pop-up ads)
Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Administrator (2016-02-19 19:58:35) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/ch ... pdates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S4 Abiosdsk; no ImagePath
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dpti2o; no ImagePath
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
S4 IntelIde; no ImagePath
S4 mraid35x; no ImagePath
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
S4 Simbad; no ImagePath
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
U3 acz8k8ts; C:\Windows\System32\Drivers\acz8k8ts.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
C:\Documents and Settings\All Users\Application Data\83f214aa
C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
End
*****************
HKLM\Software\Microsoft\Command Processor\\AutoRun => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Command Processor\\AutoRun => value removed successfully
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ef3bb9e-79dc-11e2-8510-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{0ef3bb9e-79dc-11e2-8510-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2000c51f-07b7-11e1-99cb-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{2000c51f-07b7-11e1-99cb-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7713f430-5575-11e1-ba70-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{7713f430-5575-11e1-ba70-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d25a2a6-5b41-11e2-9d86-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{7d25a2a6-5b41-11e2-9d86-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b59e74a1-dbc2-11e4-b349-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{b59e74a1-dbc2-11e4-b349-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ecdc29-1774-11e0-a46d-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{e1ecdc29-1774-11e0-a46d-1c6f653eb554} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => key removed successfully
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => key removed successfully
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} => key not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => not found.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => moved successfully
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => not found.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found
xmlprov => service removed successfully
xmlprov => service not found.
071538ab => service removed successfully
be0fb33b => service removed successfully
d0439c0e => service removed successfully
WinHttpAutoProxySvc => Service stopped successfully.
WinHttpAutoProxySvc => service removed successfully
Abiosdsk => service removed successfully
adpu160m => service removed successfully
adpu320 => service removed successfully
aic78u2 => service removed successfully
aic78xx => service removed successfully
AliIde => service removed successfully
AmdIde => service removed successfully
arc => service removed successfully
Atdisk => service removed successfully
CdaC15BA => Service stopped successfully.
CdaC15BA => service removed successfully
CdaD10BA => Service stopped successfully.
CdaD10BA => service removed successfully
Changer => service removed successfully
CmdIde => service removed successfully
dpti2o => service removed successfully
i2omgmt => service removed successfully
iirsp => service removed successfully
IntelIde => service removed successfully
mraid35x => service removed successfully
PCIIde => service removed successfully
PDCOMP => service removed successfully
PDFRAME => service removed successfully
PDRELI => service removed successfully
PDRFRAME => service removed successfully
Simbad => service removed successfully
symc8xx => service removed successfully
symmpi => service removed successfully
sym_hi => service removed successfully
sym_u3 => service removed successfully
TosIde => service removed successfully
ultra => service removed successfully
ViaIde => service removed successfully
WDICA => service removed successfully
acz8k8ts => service removed successfully
IpInIp => service removed successfully
WS2IFSL => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs DMServer => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Iprip => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs LanmanWorkstation => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Messenger => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wscsvc => removed successfully
C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job => moved successfully
C:\Documents and Settings\All Users\Application Data\83f214aa => moved successfully
C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0 => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job" => not found.
C:\Documents and Settings\Administrator\Local Settings\Temp => moved successfully
"C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION" => not found.
==== End of Fixlog 19:58:47 ====
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (pop-up ads)
Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning malware from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log (pop-up ads)
The problem still persists.
- Rudy
- Site Admin
- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (pop-up ads)
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.
Re: Please check my log (pop-up ads)
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Administrator (administrator) on WINXP64 (19-02-2016 21:40:47)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 6 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> nvsvc64.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> svchost.exe
Failed to access process -> TuneUpUtilitiesService64.exe
Failed to access process -> explorer.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> RTHDCPL.EXE
Failed to access process -> rundll32.exe
Failed to access process -> egui.exe
Failed to access process -> utorrent.exe
Failed to access process -> ZPSTray.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> wscntfy.exe
Failed to access process -> TuneUpUtilitiesApp64.exe
Failed to access process -> alg.exe
Failed to access process -> opera.exe
Failed to access process -> mbamservice.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbam.exe
Failed to access process -> FRST64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19573352 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-09-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [481720 2012-04-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2015-02-16] (ABBYY Production LLC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [RatioFaker] => C:\Program Files (x86)\Ratio Faker\RatioFaker.exe [176640 2009-03-29] ()
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\utorrent.exe [289584 2009-11-25] (BitTorrent, Inc.)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10505728 2007-02-17] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8359936 2007-02-18] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=i ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2007-02-18] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-13] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-19] (Malwarebytes)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 aqxjvqda; C:\Windows\System32\Drivers\aqxjvqda.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: xmlprov -> no filepath.
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 21:29 - 2016-02-19 21:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-02-19 21:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-19 21:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-19 19:59 - 2016-02-19 21:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 19:58 - 2016-02-19 19:58 - 00014683 _____ C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\rsit
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\Program Files\trend micro
2016-02-19 19:26 - 2016-02-19 19:26 - 01222144 _____ C:\Documents and Settings\Administrator\Desktop\RSITx64.exe
2016-02-19 19:15 - 2016-02-19 19:17 - 00000000 ____D C:\AdwCleaner
2016-02-19 18:41 - 2016-02-19 18:41 - 01511424 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner_5.035.exe
2016-02-19 18:29 - 2016-02-19 18:29 - 00026790 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-02-19 18:25 - 2016-02-19 21:40 - 00030515 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 21:40 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 21:38 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 21:08 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 21:06 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 21:06 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 21:06 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 19:17 - 2014-10-28 17:31 - 00000859 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:17 - 2011-01-28 21:33 - 00000601 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (32-bit).lnk
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
==================== Files in the root of some directories =======
2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
ATTENTION: ==> Could not access BCD.
==================== End of FRST.txt ============================
Ran by Administrator (administrator) on WINXP64 (19-02-2016 21:40:47)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 6 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> nvsvc64.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> svchost.exe
Failed to access process -> TuneUpUtilitiesService64.exe
Failed to access process -> explorer.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> RTHDCPL.EXE
Failed to access process -> rundll32.exe
Failed to access process -> egui.exe
Failed to access process -> utorrent.exe
Failed to access process -> ZPSTray.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> wscntfy.exe
Failed to access process -> TuneUpUtilitiesApp64.exe
Failed to access process -> alg.exe
Failed to access process -> opera.exe
Failed to access process -> mbamservice.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbam.exe
Failed to access process -> FRST64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19573352 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-09-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [481720 2012-04-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2015-02-16] (ABBYY Production LLC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [RatioFaker] => C:\Program Files (x86)\Ratio Faker\RatioFaker.exe [176640 2009-03-29] ()
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\utorrent.exe [289584 2009-11-25] (BitTorrent, Inc.)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10505728 2007-02-17] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8359936 2007-02-18] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [DhcpNameServer] 10.0.0.138
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=i ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2007-02-18] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-13] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-19] (Malwarebytes)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 aqxjvqda; C:\Windows\System32\Drivers\aqxjvqda.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: xmlprov -> no filepath.
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 21:29 - 2016-02-19 21:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-02-19 21:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-19 21:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-19 19:59 - 2016-02-19 21:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 19:58 - 2016-02-19 19:58 - 00014683 _____ C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\rsit
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\Program Files\trend micro
2016-02-19 19:26 - 2016-02-19 19:26 - 01222144 _____ C:\Documents and Settings\Administrator\Desktop\RSITx64.exe
2016-02-19 19:15 - 2016-02-19 19:17 - 00000000 ____D C:\AdwCleaner
2016-02-19 18:41 - 2016-02-19 18:41 - 01511424 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner_5.035.exe
2016-02-19 18:29 - 2016-02-19 18:29 - 00026790 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-02-19 18:25 - 2016-02-19 21:40 - 00030515 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 21:40 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-02-19 21:38 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 21:08 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 21:06 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 21:06 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 21:06 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 19:17 - 2014-10-28 17:31 - 00000859 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:17 - 2011-01-28 21:33 - 00000601 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (32-bit).lnk
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
==================== Files in the root of some directories =======
2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
ATTENTION: ==> Could not access BCD.
==================== End of FRST.txt ============================
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Please check my log (pop-up ads)
I need to see the MBAM log. That is this one: http://forum.viry.cz/viewtopic.php?f=13 ... m#p1437159 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: Please check my log (pop-up ads)
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 19.2.2016
Čas skenování: 21:31:30
Protokol: MBAM log.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2016.02.19.06
Databáze rootkitů: v2016.02.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows XP Service Pack 2
CPU: x64
Souborový systém: NTFS
Uživatel: Administrator
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 322661
Uplynulý čas: 6 min, 59 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 9
Trojan.Agent, HKU\S-1-5-21-782792514-37980368-3857643098-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util Techgile, , [048e550ddfba280ecdb62231966e6a96],
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [3959bea4f3a610266d7039daa2624fb1],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 146
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , [82108ad8c3d6c76f7bd2f5246c991be5],
Soubory: 171
RiskWare.ExtensionMismatch, C:\Documents and Settings\Administrator\Application Data\WinRAR\Themes\Vista_Ultimate_48x48\Toolbar\Find.bmp, , [880ae67c514842f43683c68bda27b34d],
PUP.Optional.MultiPlug.UNS, C:\Documents and Settings\All Users\Application Data\Supreme AdBlocker\Supreme AdBlocker.exe, , [8f03de848b0e91a50a0f7cfd9e6427d9],
Trojan.Agent, C:\Documents, , [4d451250debb1b1b439fa7976c97d729],
PUP.Optional.PastaLeads, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [0092d38fdbbe023437b48896f21216ea],
PUP.Optional.PastaLeads, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [0092e280dcbdb185ad3e1608f311e41c],
PUP.Optional.UpdateAdmin, C:\WINDOWS\Installer\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}\icon.ico, , [fd95164c8415a591063d58fc19eb51af],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [9ef487dbedac85b1ca81c591ca3a4ab6],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [1b77352dd4c52b0b87c4e76f8d773cc4],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [850df56d0198c472f5567fd7ca3a7d83],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [96fc2939a7f2221497b4b99dc73dbe42],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage, , [484afb6708918caa5ada1447f3115fa1],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage-journal, , [d7bbb7ab9ffa87afbd77c29909fbf10f],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, , [7f135c060495082ecf65acaf27dd768a],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, , [375b2f3343564ee820142239f60e05fb],
PUP.Optional.CrossRider, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [e6ac0c567b1eec4aabe9223c739128d8],
PUP.Optional.CrossRider, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [cbc7332fcdcc12249103cd91b2529868],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\manifest.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\128.png, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ar\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\bg\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ca\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\cs\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\da\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\de\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\el\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_GB\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_US\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es_419\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\et\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\eu\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fi\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fil\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fr\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\he\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hi\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hr\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hu\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\id\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\it\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ja\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ko\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lt\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lv\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ms\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\nl\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\no\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pl\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_BR\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_PT\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
www.malwarebytes.org
Datum skenování: 19.2.2016
Čas skenování: 21:31:30
Protokol: MBAM log.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2016.02.19.06
Databáze rootkitů: v2016.02.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows XP Service Pack 2
CPU: x64
Souborový systém: NTFS
Uživatel: Administrator
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 322661
Uplynulý čas: 6 min, 59 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 9
Trojan.Agent, HKU\S-1-5-21-782792514-37980368-3857643098-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util Techgile, , [048e550ddfba280ecdb62231966e6a96],
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [3959bea4f3a610266d7039daa2624fb1],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 146
PUP.Optional.UpdateAdmin, C:\WINDOWS\Installer\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}, , [fd95164c8415a591063d58fc19eb51af],
PUP.Optional.SupremeAdblocker, C:\Documents and Settings\All Users\Application Data\Supreme AdBlocker, , [5e34540e4059d5614a3abc2de919768a],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fr, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\he, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hi, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hr, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hu, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\id, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\it, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ja, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ko, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lt, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lv, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ms, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\nl, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\no, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pl, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_BR, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_PT, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ro, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ru, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sk, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sl, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sr, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sv, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\th, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\tr, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\uk, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\vi, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_CN, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_TW, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_metadata, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme\181, , [0a88baa80f8a8bab0a4336e315f0c937],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme, , [0a88baa80f8a8bab0a4336e315f0c937],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll\220, , [c6cc352d089169cdb796e93033d232ce],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll, , [c6cc352d089169cdb796e93033d232ce],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , [82108ad8c3d6c76f7bd2f5246c991be5],
Soubory: 171
RiskWare.ExtensionMismatch, C:\Documents and Settings\Administrator\Application Data\WinRAR\Themes\Vista_Ultimate_48x48\Toolbar\Find.bmp, , [880ae67c514842f43683c68bda27b34d],
PUP.Optional.MultiPlug.UNS, C:\Documents and Settings\All Users\Application Data\Supreme AdBlocker\Supreme AdBlocker.exe, , [8f03de848b0e91a50a0f7cfd9e6427d9],
Trojan.Agent, C:\Documents, , [4d451250debb1b1b439fa7976c97d729],
PUP.Optional.PastaLeads, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [0092d38fdbbe023437b48896f21216ea],
PUP.Optional.PastaLeads, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [0092e280dcbdb185ad3e1608f311e41c],
PUP.Optional.UpdateAdmin, C:\WINDOWS\Installer\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}\icon.ico, , [fd95164c8415a591063d58fc19eb51af],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [9ef487dbedac85b1ca81c591ca3a4ab6],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [1b77352dd4c52b0b87c4e76f8d773cc4],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [850df56d0198c472f5567fd7ca3a7d83],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [96fc2939a7f2221497b4b99dc73dbe42],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage, , [484afb6708918caa5ada1447f3115fa1],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage-journal, , [d7bbb7ab9ffa87afbd77c29909fbf10f],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, , [7f135c060495082ecf65acaf27dd768a],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, , [375b2f3343564ee820142239f60e05fb],
PUP.Optional.CrossRider, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [e6ac0c567b1eec4aabe9223c739128d8],
PUP.Optional.CrossRider, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [cbc7332fcdcc12249103cd91b2529868],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\manifest.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\128.png, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ar\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\bg\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ca\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\cs\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\da\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\de\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\el\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_GB\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_US\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es_419\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\et\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\eu\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fi\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fil\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fr\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\he\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hi\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hr\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hu\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\id\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\it\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ja\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ko\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lt\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lv\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ms\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\nl\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\no\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pl\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_BR\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\pt_PT\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ro\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ru\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sk\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sl\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sr\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\sv\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\th\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\tr\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\uk\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\vi\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_CN\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\zh_TW\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_metadata\verified_contents.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme\181\manifest.json, , [0a88baa80f8a8bab0a4336e315f0c937],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme\181\background.html, , [0a88baa80f8a8bab0a4336e315f0c937],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme\181\content.js, , [0a88baa80f8a8bab0a4336e315f0c937],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll\220\manifest.json, , [c6cc352d089169cdb796e93033d232ce],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll\220\background.html, , [c6cc352d089169cdb796e93033d232ce],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll\220\content.js, , [c6cc352d089169cdb796e93033d232ce],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_background.js, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_window.js, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css\craw_window.css, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html\craw_window.html, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\flapper.gif, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_128.png, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_16.png, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button.png, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_close.png, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_hover.png, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_maximize.png, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_pressed.png, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW\messages.json, , [82108ad8c3d6c76f7bd2f5246c991be5],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
- Rudy
- Site Admin

Re: Please check my log (pop-up ads)
Delete all findings.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: Please check my log (pop-up ads)
Everything deleted, PC restarted.
