Please check my log (pop-up ads)

Posted: 19 Feb 2016 18:40
by GMoo
Hi. I'd like to ask for help solving a problem. With every click on the web I'm constantly flooded with ads and pop-up windows, I get redirected to other websites, etc.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Administrator (administrator) on WINXP64 (19-02-2016 18:29:12)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 6 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> explorer.exe
Failed to access process -> rundll32.exe
Failed to access process -> egui.exe
Failed to access process -> utorrent.exe
Failed to access process -> ZPSTray.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> nvsvc64.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> svchost.exe
Failed to access process -> TuneUpUtilitiesService64.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> TuneUpUtilitiesApp64.exe
Failed to access process -> wscntfy.exe
Failed to access process -> opera.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> chrome.exe
Failed to access process -> FRST64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19573352 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-09-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [481720 2012-04-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2015-02-16] (ABBYY Production LLC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [RatioFaker] => C:\Program Files (x86)\Ratio Faker\RatioFaker.exe [176640 2009-03-29] ()
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\utorrent.exe [289584 2009-11-25] (BitTorrent, Inc.)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10505728 2007-02-17] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8359936 2007-02-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.gboxapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=14240 ... XX9VS47ZW7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=i ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2007-02-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-13] [not signed]
FF HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2015-02-16] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Uploads Only for Youtube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajdnlgehefnmaiighnbaibekhdfhnipd [2015-05-14] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-22]
CHR Extension: (Google Webspam Report) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2015-03-15] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Video Downloader professional) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-12-26]
CHR Extension: (Taskforce) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc [2015-02-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (VK Switcher) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfojgmgodcgmjoiokklgmailddgolmda [2015-04-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Send to OmniFocus) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohdhaodomnlifoigpfcbjpcegdbefnen [2015-04-04] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
S4 TosIde; no ImagePath
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S4 ultra; no ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 ay34etf2; C:\Windows\System32\Drivers\ay34etf2.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 18:25 - 2016-02-19 18:29 - 00036624 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 18:29 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2016-02-19 14:43 - 2016-02-19 14:43 - 00000454 _____ C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\83f214aa
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-1}
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-0}
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\{0fdb1fe0-712c-0}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 18:29 - 2010-12-01 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 18:27 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 17:46 - 2014-10-28 17:29 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 17:27 - 2015-12-14 00:24 - 00000532 _____ C:\WINDOWS\Tasks\RocketTab.job
2016-02-19 17:27 - 2014-10-28 17:29 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 17:27 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 17:25 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 17:25 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 17:25 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-10 23:49 - 2014-10-28 17:31 - 00002080 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc

==================== Files in the root of some directories =======

2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel

Files to move or delete:
====================
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job


Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\KMP_3.2.0.0.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION


ATTENTION: ==> Could not access BCD.

==================== End of FRST.txt ============================

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 19:14
by Rudy
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 19:23
by GMoo
# AdwCleaner v5.035 - Logfile created 19/02/2016 at 19:17:27
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Microsoft Windows XP Service Pack 2 (x64)
# Username : Administrator - WINXP64
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner_5.035.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AskSearch
[-] Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Techgile
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\BabSolution
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\dvdvideosoftiehelpers
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\mystartsearch
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\extensions\staged
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\extensions\Extensions\{b64d9b05-48e1-4ceb-bf58-e0643994e900}
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\UpdateAdmin
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajdnlgehefnmaiighnbaibekhdfhnipd
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfojgmgodcgmjoiokklgmailddgolmda
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohdhaodomnlifoigpfcbjpcegdbefnen
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\11874827355510398443
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\a4cbdc907649ddeb
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\AlliChieoaaPPricee
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\CouupEextensIonn
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{0fdb1fe0-712c-0}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-0}
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\{206fd12e-112c-1}
[-] Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\UpdateAdmin
[-] Folder Deleted : C:\Program Files (x86)\OLBPre
[-] Folder Deleted : C:\Program Files (x86)\Search Extensions

***** [ Files ] *****

[-] File Deleted : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
[-] File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\extensions\user.js
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_elicpjhcidhpjomhibiffojpinpmmpil_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ogminpmldncgcmokldnmmapddoccmhfl_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Extension Settings\ogminpmldncgcmokldnmmapddoccmhfl
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajdnlgehefnmaiighnbaibekhdfhnipd_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajdnlgehefnmaiighnbaibekhdfhnipd_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efinmbicabejjhjafeidhfbojhnfiepj_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efinmbicabejjhjafeidhfbojhnfiepj_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdbfnafnalfjconpgenohfidcaeibkoc_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gdbfnafnalfjconpgenohfidcaeibkoc_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfojgmgodcgmjoiokklgmailddgolmda_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfojgmgodcgmjoiokklgmailddgolmda_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ohdhaodomnlifoigpfcbjpcegdbefnen_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ohdhaodomnlifoigpfcbjpcegdbefnen_0.localstorage-journal
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
[-] File Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal

***** [ DLLs ] *****

[!] File Not Restored : C:\WINDOWS\SysNative\dnsapi.dll

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (32-bit).lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : RocketTab
[-] Task Deleted : UpdateAdmin
[-] Task Deleted : RocketTab

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\8a3fbc9f-5084-9b21-1d52-56ab4a3a3d14
[-] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64d9b05-48e1-4ceb-bf58-e0643994e900}]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95289393-33EA-4F8D-B952-483415B9C955}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{95289393-33EA-4F8D-B952-483415B9C955}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
[-] Key Deleted : HKCU\Software\BabylonToolbar
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\Headlight
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\simplytech
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\Babylon
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B138259A-351E-33FA-2726-8D71704F1DA9}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E957849A-94AC-6F46-4623-C31474E3C170}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mystartsearch uninstall
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741} [NameServer]

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.mystartsearch.com/webfavicon.ico
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ajdnlgehefnmaiighnbaibekhdfhnipd
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : efinmbicabejjhjafeidhfbojhnfiepj
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : elicpjhcidhpjomhibiffojpinpmmpil
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : gdbfnafnalfjconpgenohfidcaeibkoc
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lfojgmgodcgmjoiokklgmailddgolmda
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ogminpmldncgcmokldnmmapddoccmhfl
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ohdhaodomnlifoigpfcbjpcegdbefnen

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [14101 bytes] ##########

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 19:28
by Rudy
Post a new FRST log.

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 19:29
by GMoo
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Administrator (administrator) on WINXP64 (19-02-2016 19:29:17)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 6 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> explorer.exe
Failed to access process -> RTHDCPL.EXE
Failed to access process -> rundll32.exe
Failed to access process -> egui.exe
Failed to access process -> utorrent.exe
Failed to access process -> ZPSTray.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> opera.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> nvsvc64.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> svchost.exe
Failed to access process -> TuneUpUtilitiesService64.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> wscntfy.exe
Failed to access process -> TuneUpUtilitiesApp64.exe
Failed to access process -> alg.exe
Failed to access process -> FRST64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19573352 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-09-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [481720 2012-04-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2015-02-16] (ABBYY Production LLC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [RatioFaker] => C:\Program Files (x86)\Ratio Faker\RatioFaker.exe [176640 2009-03-29] ()
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\utorrent.exe [289584 2009-11-25] (BitTorrent, Inc.)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10505728 2007-02-17] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8359936 2007-02-18] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=i ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2007-02-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-13] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Abiosdsk; no ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
S4 dpti2o; no ImagePath
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S4 IntelIde; no ImagePath
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
S4 mraid35x; no ImagePath
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S4 Simbad; no ImagePath
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
S4 TosIde; no ImagePath
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S4 ultra; no ImagePath
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 acz8k8ts; C:\Windows\System32\Drivers\acz8k8ts.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\rsit
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\Program Files\trend micro
2016-02-19 19:26 - 2016-02-19 19:26 - 01222144 _____ C:\Documents and Settings\Administrator\Desktop\RSITx64.exe
2016-02-19 19:15 - 2016-02-19 19:17 - 00000000 ____D C:\AdwCleaner
2016-02-19 18:41 - 2016-02-19 18:41 - 01511424 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner_5.035.exe
2016-02-19 18:29 - 2016-02-19 18:29 - 00026790 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-02-19 18:25 - 2016-02-19 19:29 - 00033578 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 19:29 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe
2016-02-19 14:43 - 2016-02-19 14:43 - 00000454 _____ C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\83f214aa
2016-02-19 14:43 - 2016-02-19 14:43 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 19:29 - 2010-12-01 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 19:21 - 2014-10-28 17:29 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-19 19:21 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 19:19 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 19:19 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 19:19 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 19:17 - 2014-10-28 17:31 - 00000859 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:17 - 2011-01-28 21:33 - 00000601 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (32-bit).lnk
2016-02-19 18:46 - 2014-10-28 17:29 - 00000952 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-19 18:43 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc

==================== Files in the root of some directories =======

2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel

Files to move or delete:
====================
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job


Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\KMP_3.2.0.0.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION


ATTENTION: ==> Could not access BCD.

==================== End of FRST.txt ============================

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 19:42
by Rudy
Open Notepad and copy the following into it:
Start
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/ch ... pdates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S4 Abiosdsk; no ImagePath
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dpti2o; no ImagePath
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
S4 IntelIde; no ImagePath
S4 mraid35x; no ImagePath
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
S4 Simbad; no ImagePath
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
U3 acz8k8ts; C:\Windows\System32\Drivers\acz8k8ts.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
C:\Documents and Settings\All Users\Application Data\83f214aa
C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here. Your operating system is unsecured; ServicePack3 is missing. I am also afraid that it is damaged.

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 19:59
by GMoo
Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Administrator (2016-02-19 19:58:35) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM\...\Command Processor: <======= ATTENTION
HKLM-x32\...\Command Processor: <======= ATTENTION
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {0ef3bb9e-79dc-11e2-8510-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {2000c51f-07b7-11e1-99cb-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7713f430-5575-11e1-ba70-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {7d25a2a6-5b41-11e2-9d86-1c6f653eb554} - F:\Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {b59e74a1-dbc2-11e4-b349-1c6f653eb554} - Updates\Drivers\System.exe
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\MountPoints2: {e1ecdc29-1774-11e0-a46d-1c6f653eb554} - EXPLORER.EXE
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> DefaultScope {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/ch ... pdates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-17] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
S2 071538ab; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\ProcessGeneration\ProcessGeneration.dll",serv
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Supporter\Supporter.dll",serv
S2 d0439c0e; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\TailCutter\TailCutter.dll",serv
S3 WinHttpAutoProxySvc; winhttp.dll [X]
S4 Abiosdsk; no ImagePath
S4 adpu160m; no ImagePath
S4 adpu320; no ImagePath
S4 aic78u2; no ImagePath
S4 aic78xx; no ImagePath
S4 AliIde; no ImagePath
S4 AmdIde; no ImagePath
S4 arc; no ImagePath
S4 Atdisk; no ImagePath
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2005-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 dpti2o; no ImagePath
S1 i2omgmt; no ImagePath
S4 iirsp; no ImagePath
S4 IntelIde; no ImagePath
S4 mraid35x; no ImagePath
S4 PCIIde; no ImagePath
S3 PDCOMP; no ImagePath
S3 PDFRAME; no ImagePath
S3 PDRELI; no ImagePath
S3 PDRFRAME; no ImagePath
S4 Simbad; no ImagePath
S4 symc8xx; no ImagePath
S4 symmpi; no ImagePath
S4 sym_hi; no ImagePath
S4 sym_u3; no ImagePath
S4 TosIde; no ImagePath
S4 ultra; no ImagePath
S4 ViaIde; no ImagePath
S3 WDICA; no ImagePath
U3 acz8k8ts; C:\Windows\System32\Drivers\acz8k8ts.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U1 WS2IFSL; no ImagePath
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File
NETSVCx32: Iprip -> no filepath.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File
C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
C:\Documents and Settings\All Users\Application Data\83f214aa
C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
End
*****************

HKLM\Software\Microsoft\Command Processor\\AutoRun => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Command Processor\\AutoRun => value removed successfully
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ef3bb9e-79dc-11e2-8510-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{0ef3bb9e-79dc-11e2-8510-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2000c51f-07b7-11e1-99cb-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{2000c51f-07b7-11e1-99cb-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7713f430-5575-11e1-ba70-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{7713f430-5575-11e1-ba70-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d25a2a6-5b41-11e2-9d86-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{7d25a2a6-5b41-11e2-9d86-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b59e74a1-dbc2-11e4-b349-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{b59e74a1-dbc2-11e4-b349-1c6f653eb554} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1ecdc29-1774-11e0-a46d-1c6f653eb554}" => key removed successfully
HKCR\CLSID\{e1ecdc29-1774-11e0-a46d-1c6f653eb554} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => key removed successfully
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found.
"HKU\S-1-5-21-782792514-37980368-3857643098-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => key removed successfully
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} => key not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => not found.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => moved successfully
C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => not found.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj <==== ATTENTION => not found
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda <==== ATTENTION => not found
xmlprov => service removed successfully
xmlprov => service not found.
071538ab => service removed successfully
be0fb33b => service removed successfully
d0439c0e => service removed successfully
WinHttpAutoProxySvc => Service stopped successfully.
WinHttpAutoProxySvc => service removed successfully
Abiosdsk => service removed successfully
adpu160m => service removed successfully
adpu320 => service removed successfully
aic78u2 => service removed successfully
aic78xx => service removed successfully
AliIde => service removed successfully
AmdIde => service removed successfully
arc => service removed successfully
Atdisk => service removed successfully
CdaC15BA => Service stopped successfully.
CdaC15BA => service removed successfully
CdaD10BA => Service stopped successfully.
CdaD10BA => service removed successfully
Changer => service removed successfully
CmdIde => service removed successfully
dpti2o => service removed successfully
i2omgmt => service removed successfully
iirsp => service removed successfully
IntelIde => service removed successfully
mraid35x => service removed successfully
PCIIde => service removed successfully
PDCOMP => service removed successfully
PDFRAME => service removed successfully
PDRELI => service removed successfully
PDRFRAME => service removed successfully
Simbad => service removed successfully
symc8xx => service removed successfully
symmpi => service removed successfully
sym_hi => service removed successfully
sym_u3 => service removed successfully
TosIde => service removed successfully
ultra => service removed successfully
ViaIde => service removed successfully
WDICA => service removed successfully
acz8k8ts => service removed successfully
IpInIp => service removed successfully
WS2IFSL => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs DMServer => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Iprip => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs LanmanWorkstation => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Messenger => removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wscsvc => removed successfully
C:\WINDOWS\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job => moved successfully
C:\Documents and Settings\All Users\Application Data\83f214aa => moved successfully
C:\Documents and Settings\All Users\Application Data\6986e42f-2af3-0 => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"C:\Windows\Tasks\{42633452-06C2-DECE-2EE4-8669BEF0B000}.job" => not found.
C:\Documents and Settings\Administrator\Local Settings\Temp => moved successfully
"C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION" => not found.

==== End of Fixlog 19:58:47 ====

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 21:06
by Rudy
Deleted. Has anything changed?

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 21:16
by GMoo
The problem still persists.

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 21:24
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 21:41
by GMoo
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Administrator (administrator) on WINXP64 (19-02-2016 21:40:47)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Service Pack 2 (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 6 (Default browser: "C:\Program Files (x86)\Opera\Opera.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> ekrn.exe
Failed to access process -> svchost.exe
Failed to access process -> nvsvc64.exe
Failed to access process -> GoogleUpdate.exe
Failed to access process -> PnkBstrA.exe
Failed to access process -> svchost.exe
Failed to access process -> TuneUpUtilitiesService64.exe
Failed to access process -> explorer.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> RTHDCPL.EXE
Failed to access process -> rundll32.exe
Failed to access process -> egui.exe
Failed to access process -> utorrent.exe
Failed to access process -> ZPSTray.exe
Failed to access process -> nusb3mon.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> wscntfy.exe
Failed to access process -> TuneUpUtilitiesApp64.exe
Failed to access process -> alg.exe
Failed to access process -> opera.exe
Failed to access process -> mbamservice.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbam.exe
Failed to access process -> FRST64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19573352 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [84584 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2815592 2010-09-03] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [64104 2010-09-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2012-05-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [481720 2012-04-04] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR12] => C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe [1472312 2015-02-16] (ABBYY Production LLC.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [WIAWizardMenu] => RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
HKLM-x32\...\Winlogon: [Userinit] userinit [X]
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS\SysWOW64\crypt32.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\SysWOW64\cryptnet.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\SysWOW64\cscdll.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\SysWOW64\dimsntfy.dll [2007-02-18] (Microsoft Corporation)
Winlogon\Notify\EFS: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy: C:\WINDOWS\SysWOW64\sclgntfy.dll [2005-03-25] (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKU\S-1-5-19\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [RatioFaker] => C:\Program Files (x86)\Ratio Faker\RatioFaker.exe [176640 2009-03-29] ()
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [uTorrent] => C:\Documents and Settings\Administrator\Application Data\uTorrent\utorrent.exe [289584 2009-11-25] (BitTorrent, Inc.)
HKU\S-1-5-21-782792514-37980368-3857643098-500\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [563416 2015-07-12] (ZONER software)
HKU\S-1-5-18\...\Run: [CTFMON.EXE] => C:\WINDOWS\system32\CTFMON.EXE [20992 2005-03-25] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\Windows\system32\tscupgrd.exe [62464 2005-03-25] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10505728 2007-02-17] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8359936 2007-02-18] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{6DA75F10-6AA4-4D76-BCCC-6AC6A0840741}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-782792514-37980368-3857643098-500\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=i ... date&O1=b1
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-782792514-37980368-3857643098-500 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\shdocvw.dll (Microsoft Corporation)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll [2007-02-17] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-782792514-37980368-3857643098-500 -> &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2006-10-26] (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll [2007-02-18] (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll [2007-02-17] (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\syswow64\SHELL32.dll [2007-02-18] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Extension: Greasemonkey - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\q4p34fs9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-11-13] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> "chrome-extension://jpfpebmajhhopeonhlcgidhclcccjcik/newtab.html"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Disk Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Reddit Link Opener) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bpjdjkonibhggbbjchphchlbonaijjme [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-13]
CHR Extension: (W3Schools Hider) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igiahejkpbnbnekdaefddmdceocmjpll [2015-02-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Speed Dial 2) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-12-31]
CHR Extension: (Firebug Lite Beta for Google Chrome™) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mdaojmoeahmmokaflgbannaopagamgoj [2015-04-07] [UpdateUrl: hxxps://getfirebug.com/releases/lite/chrome/beta/updates.xml] <==== ATTENTION
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AeLookupSvc; C:\WINDOWS\SysWOW64\aelupsvc.dll [26624 2005-03-25] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2005-03-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS\SysWOW64\audiosrv.dll [41472 2005-03-25] (Microsoft Corporation)
S2 Browser; C:\WINDOWS\SysWOW64\browser.dll [78336 2007-02-18] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2005-03-25] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS\SysWOW64\clipsrv.exe [32256 2005-03-25] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-17] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-17] (Microsoft Corporation)
R2 Dnscache; C:\WINDOWS\SysWOW64\dnsrslvr.dll [45568 2007-02-18] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2005-03-25] (Microsoft Corporation)
R2 Eventlog; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-17] (Microsoft Corporation)
R3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2005-03-25] (Microsoft Corporation)
R3 HTTPFilter; C:\WINDOWS\SysWOW64\w3ssl.dll [15360 2005-03-25] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2005-03-25] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-17] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS\SysWOW64\lmhsvc.dll [19968 2007-02-18] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-17] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2005-03-25] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDE; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-17] (Microsoft Corporation)
S3 NetDDEdsdm; C:\WINDOWS\SysWOW64\netdde.exe [110080 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\WINDOWS\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492032 2007-02-17] (Microsoft Corporation)
R3 Nla; C:\WINDOWS\SysWOW64\mswsock.dll [233472 2007-02-18] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-17] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [186176 2012-05-15] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [224256 2007-02-17] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2011-02-12] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2005-03-25] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-17] (Microsoft Corporation)
S4 RemoteRegistry; C:\WINDOWS\SysWOW64\regsvc.dll [69120 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-17] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS\SysWOW64\SCardSvr.exe [90112 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\WINDOWS\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
S3 seclogon; C:\WINDOWS\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-17] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS\SysWOW64\ssdpsrv.dll [72192 2007-02-18] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS\SysWOW64\wiaservc.dll [348160 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-17] (Microsoft Corporation)
S2 SysmonLog; C:\WINDOWS\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-17] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-06-16] (TuneUp Software)
S3 UPS; C:\Windows\System32\ups.exe [34816 2005-03-25] (Microsoft Corporation)
S3 UPS; C:\WINDOWS\SysWOW64\ups.exe [16896 2005-03-25] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS\SysWOW64\w32time.dll [227328 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1051648 2007-02-17] (Microsoft Corporation)
S3 Wmi; C:\WINDOWS\SysWOW64\advapi32.dll [618496 2007-02-18] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2005-03-25] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2005-03-25] (Microsoft Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-25] (Microsoft Corporation)
S3 Ambfilt64; C:\Windows\System32\drivers\Ambft64.sys [1801304 2009-11-18] (Creative)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2010-12-29] ()
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-17] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-17] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\DRIVERS\dmio.sys [244224 2007-02-17] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\Drivers\dmload.sys [9216 2005-03-25] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [162552 2015-07-14] (ESET)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-17] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-17] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-17] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2007-02-17] (Windows (R) Server 2003 DDK provider)
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2005-03-25] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [6081128 2010-09-03] (Realtek Semiconductor Corp.)
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-17] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-17] (Microsoft Corporation)
S3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-25] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2010-12-29] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-19] (Malwarebytes)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2005-03-25] (Microsoft Corporation)
S3 Monfilt64; C:\Windows\System32\drivers\Monft64.sys [1861720 2009-11-18] (Creative Technology Ltd.)
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [13779072 2012-05-15] (NVIDIA Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda64.sys [156480 2012-04-18] (NVIDIA Corporation)
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-17] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2005-03-25] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2005-03-25] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-17] (Microsoft Corporation)
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2010-12-26] () [File not signed]
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2005-03-25] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-25] (Microsoft Corporation)
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-18] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
R3 Update; C:\Windows\System32\DRIVERS\update.sys [81920 2007-02-17] (Microsoft Corporation)
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-18] (Microsoft Corporation)
U3 aqxjvqda; C:\Windows\System32\Drivers\aqxjvqda.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll (Microsoft Corporation)
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: xmlprov -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 21:29 - 2016-02-19 21:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-19 21:28 - 2016-02-19 21:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-02-19 21:28 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-19 21:28 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-19 19:59 - 2016-02-19 21:40 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-02-19 19:58 - 2016-02-19 19:58 - 00014683 _____ C:\Documents and Settings\Administrator\Desktop\Fixlog.txt
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\rsit
2016-02-19 19:28 - 2016-02-19 19:28 - 00000000 ____D C:\Program Files\trend micro
2016-02-19 19:26 - 2016-02-19 19:26 - 01222144 _____ C:\Documents and Settings\Administrator\Desktop\RSITx64.exe
2016-02-19 19:15 - 2016-02-19 19:17 - 00000000 ____D C:\AdwCleaner
2016-02-19 18:41 - 2016-02-19 18:41 - 01511424 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner_5.035.exe
2016-02-19 18:29 - 2016-02-19 18:29 - 00026790 _____ C:\Documents and Settings\Administrator\Desktop\Addition.txt
2016-02-19 18:25 - 2016-02-19 21:40 - 00030515 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-02-19 18:25 - 2016-02-19 21:40 - 00000000 ____D C:\FRST
2016-02-19 18:24 - 2016-02-19 18:24 - 02371072 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2016-02-19 18:24 - 2016-02-19 18:24 - 00015327 _____ C:\Documents and Settings\Administrator\Desktop\LM.bat
2016-02-19 18:21 - 2016-02-19 18:21 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Administrator\Desktop\FRSTLauncher.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-19 21:38 - 2010-12-06 11:31 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-02-19 21:08 - 2010-12-01 09:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-19 21:06 - 2013-05-21 16:16 - 00196608 _____ C:\WINDOWS\system32\config\TuneUp.evt
2016-02-19 21:06 - 2010-12-01 09:42 - 00032544 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2016-02-19 21:06 - 2010-12-01 09:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-02-19 19:17 - 2014-10-28 17:31 - 00000859 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:17 - 2011-01-28 21:33 - 00000601 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-02-19 19:17 - 2010-12-01 09:42 - 00000815 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer (32-bit).lnk
2016-02-19 18:21 - 2010-12-02 20:23 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-34c3-1
2016-02-19 14:43 - 2015-12-14 00:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\c68b4040-2d85-0
2016-02-19 00:32 - 2005-03-25 09:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-02-17 01:24 - 2016-01-03 16:09 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-17 01:24 - 2016-01-03 16:09 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-14 21:13 - 2010-12-01 09:42 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents
2016-02-14 19:51 - 2011-11-13 16:45 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures
2016-02-14 15:48 - 2010-12-01 09:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-14 15:43 - 2014-08-25 13:00 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Games
2016-02-06 15:52 - 2015-08-30 12:41 - 00000000 ____D C:\Adownloader
2016-02-03 02:07 - 2015-02-03 12:05 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\BS.Player
2016-02-03 02:07 - 2011-11-12 01:23 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\AVI ReComp
2016-01-29 11:19 - 2010-12-01 10:21 - 00000000 ___HD C:\WINDOWS\inf
2016-01-24 21:26 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb0.bin
2016-01-24 21:26 - 2010-12-01 12:29 - 00000001 _____ C:\WINDOWS\system32\nvdrssel.bin
2016-01-24 21:19 - 2010-12-01 12:29 - 01076684 _____ C:\WINDOWS\system32\nvdrsdb1.bin
2016-01-24 21:18 - 2012-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\FlashGet
2016-01-23 17:11 - 2010-12-26 19:12 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc

==================== Files in the root of some directories =======

2011-09-17 14:08 - 2002-07-31 16:07 - 0709905 _____ () C:\Program Files (x86)\cesky.dat
2011-09-17 14:08 - 2002-07-31 21:39 - 0418304 _____ () C:\Program Files (x86)\DooM2_cz.exe
2011-09-17 14:07 - 2006-03-29 11:18 - 0000957 _____ () C:\Program Files (x86)\hrej.cz.nfo
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jDoom.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHeretic.exe
2011-09-09 15:13 - 2002-02-18 23:00 - 0028672 _____ () C:\Program Files (x86)\jHexen.exe
2011-09-09 15:13 - 2003-10-02 15:47 - 0610304 _____ (Cheb/SavageMessiah) C:\Program Files (x86)\Kicks.exe
2011-09-09 15:14 - 2015-12-14 01:04 - 0000824 _____ () C:\Program Files (x86)\KickStart.cfg
2011-09-09 15:33 - 2015-12-14 00:46 - 0000226 _____ () C:\Program Files (x86)\KickStart.out
2011-09-09 15:13 - 2003-10-12 12:58 - 0006306 _____ () C:\Program Files (x86)\KickStartOpts.cfg
2011-09-17 14:08 - 2002-07-31 21:47 - 0000069 _____ () C:\Program Files (x86)\readme.txt
2015-05-12 21:52 - 2015-09-04 16:39 - 0000024 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr25.bin
2015-02-24 00:24 - 2015-05-09 22:22 - 0000020 _____ () C:\Documents and Settings\Administrator\Application Data\appdataFr3.bin
2011-12-11 20:38 - 2011-12-11 20:38 - 0000000 ____R () C:\Documents and Settings\Administrator\Application Data\f8E1ELCbFG.txt
2011-03-23 02:23 - 2015-12-28 11:29 - 0039936 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-19 18:20 - 2016-02-19 18:24 - 0029696 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\MSGBOX.EXE
2013-04-19 19:46 - 2013-04-19 19:46 - 0008598 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\SysWOW64\wininit.exe IS MISSING <==== ATTENTION
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION


ATTENTION: ==> Could not access BCD.

==================== End of FRST.txt ============================

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 22:30
by Rudy
I need to see the MBAM log. That is this one: http://forum.viry.cz/viewtopic.php?f=13 ... m#p1437159 .

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 22:37
by GMoo
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 19.2.2016
Čas skenování: 21:31:30
Protokol: MBAM log.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.02.19.06
Databáze rootkitů: v2016.02.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows XP Service Pack 2
CPU: x64
Souborový systém: NTFS
Uživatel: Administrator

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 322661
Uplynulý čas: 6 min, 59 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 9
Trojan.Agent, HKU\S-1-5-21-782792514-37980368-3857643098-500_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{89E4F454-A5D3-400B-9C6A-49860E05C699}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
Trojan.Agent, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{32FBDE64-A820-44CA-A565-E518821629B5}, , [4d451250debb1b1b439fa7976c97d729],
PUP.Optional.Yontoo, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Util Techgile, , [048e550ddfba280ecdb62231966e6a96],
PUP.Optional.WindowsMangerProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [3959bea4f3a610266d7039daa2624fb1],

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 146
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW, , [82108ad8c3d6c76f7bd2f5246c991be5],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda, , [82108ad8c3d6c76f7bd2f5246c991be5],

Soubory: 171
RiskWare.ExtensionMismatch, C:\Documents and Settings\Administrator\Application Data\WinRAR\Themes\Vista_Ultimate_48x48\Toolbar\Find.bmp, , [880ae67c514842f43683c68bda27b34d],
PUP.Optional.MultiPlug.UNS, C:\Documents and Settings\All Users\Application Data\Supreme AdBlocker\Supreme AdBlocker.exe, , [8f03de848b0e91a50a0f7cfd9e6427d9],
Trojan.Agent, C:\Documents, , [4d451250debb1b1b439fa7976c97d729],
PUP.Optional.PastaLeads, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [0092d38fdbbe023437b48896f21216ea],
PUP.Optional.PastaLeads, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [0092e280dcbdb185ad3e1608f311e41c],
PUP.Optional.UpdateAdmin, C:\WINDOWS\Installer\{81F17B54-5D57-485E-88CC-F6D20D66B5E0}\icon.ico, , [fd95164c8415a591063d58fc19eb51af],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage, , [9ef487dbedac85b1ca81c591ca3a4ab6],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.bestpriceninja.com_0.localstorage-journal, , [1b77352dd4c52b0b87c4e76f8d773cc4],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [850df56d0198c472f5567fd7ca3a7d83],
PUP.Optional.BestPriceNinja, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [96fc2939a7f2221497b4b99dc73dbe42],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage, , [484afb6708918caa5ada1447f3115fa1],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_pstatic.eshopcomp.com_0.localstorage-journal, , [d7bbb7ab9ffa87afbd77c29909fbf10f],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, , [7f135c060495082ecf65acaf27dd768a],
PUP.Optional.eShopComp, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, , [375b2f3343564ee820142239f60e05fb],
PUP.Optional.CrossRider, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [e6ac0c567b1eec4aabe9223c739128d8],
PUP.Optional.CrossRider, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [cbc7332fcdcc12249103cd91b2529868],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\manifest.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_128.png, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\icon_16.png, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.html, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\main.js, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ca\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\cs\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sr\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sv\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\th\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\tr\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\uk\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\vi\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW\messages.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\computed_hashes.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_metadata\verified_contents.json, , [e9a98ad831687eb8a3aafc1d986da060],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\manifest.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\128.png, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ar\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\bg\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ca\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\cs\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\da\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\de\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\el\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_GB\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\en_US\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\es_419\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\et\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\eu\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fi\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fil\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\fr\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\he\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hi\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hr\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\hu\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\id\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\it\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ja\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ko\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lt\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\lv\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\ms\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\nl\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],
PUP.Optional.HijackModifiedExtension, C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\_locales\no\messages.json, , [f59d7ee4fd9cc76f79d4d44527de7090],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 22:40
by Rudy
Delete all the findings.

Re: Please check my log (pop-up ads)

Posted: 19 Feb 2016 23:02
by GMoo
Everything deleted, PC restarted.