kirsatde | 08.04.2015 23:10 | AC
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 08.04.2015
Scan Time: 00:38:37
Logfile: mbm.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.04.07.07
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kir
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320580
Time Elapsed: 5 min, 31 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 6
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{30c85a3d-1d96-4589-b63f-91fb7ef45a41}, Quarantined, [289b2a3f9ceee6503ad4141d03006799],
PUP.Optional.FindPositive.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30C85A3D-1D96-4589-B63F-91FB7EF45A41}, Quarantined, [289b2a3f9ceee6503ad4141d03006799],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, Quarantined, [8f340a5fc0ca092dab4e619cc43f40c0],
PUP.Optional.PositiveFinds.A, HKLM\SOFTWARE\WOW6432NODE\PositiveFinds, Quarantined, [5e6573f68efc52e4c49f4c775ea557a9],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, Quarantined, [f3d0bcadc3c7072ffca7c51aca392ad6],
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-2269885380-988231122-2713158848-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteProducts, Quarantined, [fac91f4af89260d603b55fe825e033cd],
Registry Values: 1
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, hxxp://app.linkeyproject.com/popup/IE/background.js, Quarantined, [8f340a5fc0ca092dab4e619cc43f40c0]
Registry Data: 1
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2269885380-988231122-2713158848-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.default-search.net?sid=503&aid=102&itype=n&ver=15440&tm=614&src=hmp, Good: (www.google.com), Bad: (hxxp://www.default-search.net?sid=503&aid=102&itype=n&ver=15440&tm=614&src=hmp),Replaced,[cff4a2c77317ae88fdee0ce46a9b956b]
Folders: 5
PUP.Optional.OpenCandy, C:\Users\kir\AppData\Roaming\OpenCandy, Quarantined, [5a69fc6de7a3a5918c37fb887e857987],
PUP.Optional.OpenCandy, C:\Users\kir\AppData\Roaming\OpenCandy\2948474B0ABE4361934CD673C0700E15, Quarantined, [5a69fc6de7a3a5918c37fb887e857987],
PUP.Optional.OpenCandy, C:\Users\kir\AppData\Roaming\OpenCandy\42A6D3AF9BB747D39D72B14BCE02D326, Quarantined, [5a69fc6de7a3a5918c37fb887e857987],
PUP.Optional.OpenCandy, C:\Users\kir\AppData\Roaming\OpenCandy\EF974B9E2F65446EBF8C4FC6F594E006, Quarantined, [5a69fc6de7a3a5918c37fb887e857987],
PUP.Optional.Updater.A, C:\Users\kir\AppData\Roaming\DSite\UpdateProc, Quarantined, [cff42b3eaddd092dadfdc3d861a2d030],
Files: 8
PUP.Optional.Linkey.A, C:\Users\kir\AppData\Roaming\RHEng\FEBF24615CD34FD4A2F10479AFE3955B\DSManagerSetup1272015.exe, Quarantined, [d9ea056475150b2be9fe13a355ac12ee],
PUP.Optional.PositiveFind.A, C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\{29e2f58a-a791-4ede-8083-4f6919d1cb6d}.xpi, Quarantined, [903313568efc3501e293b90c1de605fb],
PUP.Optional.DefaultSearch.A, C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\z51psq54.default-1421519012650\searchplugins\default-search.xml, Quarantined, [a320b5b45238d75f2f509e5fb152936d],
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, Quarantined, [9231ee7b6b1fb97d2c545f9e12f12dd3],
PUP.Optional.OpenCandy, C:\Users\kir\AppData\Roaming\OpenCandy\2948474B0ABE4361934CD673C0700E15\setup0116.exe, Quarantined, [5a69fc6de7a3a5918c37fb887e857987],
PUP.Optional.OpenCandy, C:\Users\kir\AppData\Roaming\OpenCandy\42A6D3AF9BB747D39D72B14BCE02D326\pcmechanicpmDE_p1v1.exe, Quarantined, [5a69fc6de7a3a5918c37fb887e857987],
PUP.Optional.OpenCandy, C:\Users\kir\AppData\Roaming\OpenCandy\EF974B9E2F65446EBF8C4FC6F594E006\WebCompanionInstaller.exe, Quarantined, [5a69fc6de7a3a5918c37fb887e857987],
PUP.Optional.Updater.A, C:\Users\kir\AppData\Roaming\DSite\UpdateProc\prod.dat, Quarantined, [cff42b3eaddd092dadfdc3d861a2d030],
Physical Sectors: 0
(No malicious items detected)
(end)
AdwCleaner Logfile:
# AdwCleaner v4.201 - Bericht erstellt 09/04/2015 um 00:04:44
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : kir - KIR-CAP
# Gestarted von : C:\Users\kir\Downloads\AdwCleaner_4.201.exe
# Option : Suchlauf
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Ordner Gefunden : C:\Program Files (x86)\VideoConverter
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\kir\AppData\Local\Babylon
Ordner Gefunden : C:\Users\kir\AppData\Local\Lollipop_05261243
Ordner Gefunden : C:\Users\kir\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\kir\AppData\Roaming\DSite
Ordner Gefunden : C:\Users\kir\AppData\Roaming\RHEng
***** [ Geplante Tasks ] *****
Task Gefunden : DSite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:50407;hxxps=127.0.0.1:50407;
Schlüssel Gefunden : HKCU\Software\DriverTuner
Schlüssel Gefunden : HKCU\Software\DriverTuner_Init
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Schlüssel Gefunden : [x64] HKCU\Software\DriverTuner
Schlüssel Gefunden : [x64] HKCU\Software\DriverTuner_Init
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1DA17428-323D-48FF-857C-98CFEE48BFD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9C81D00A-3DAA-48AB-90C7-8252119ABB93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Wert Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Wert Gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Mozilla Firefox v37.0.1 (x86 de)
-\\ Google Chrome v41.0.2272.118
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : aaipilfmheplbcghignccoiiebekkdhe
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Extension] : fpmeembnagmagppkgghhfjfdfajdfcah
[C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gefunden [Default_Search_Provider_Data] : hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006",
*************************
AdwCleaner[R1].txt - [16152 Bytes] - [16/01/2015 15:54:50]
AdwCleaner[R2].txt - [3136 Bytes] - [30/01/2015 12:04:21]
AdwCleaner[R3].txt - [39523 Bytes] - [09/04/2015 00:04:44]
AdwCleaner[S1].txt - [15150 Bytes] - [16/01/2015 15:56:02]
AdwCleaner[S2].txt - [3133 Bytes] - [30/01/2015 12:14:37]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [39702 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by kir on 09.04.2015 at 0:06:05,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update webget
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\kir\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\kir\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\kir\appdata\local\babylon"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.04.2015 at 0:08:36,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by kir (administrator) on KIR-CAP on 09-04-2015 00:09:46
Running from C:\Users\kir\Downloads
Loaded Profiles: kir (Available profiles: kir)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)
HKLM-x32\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [662016 2009-08-12] (Sonix)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-08] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2269885380-988231122-2713158848-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-05-27] (Google Inc.)
HKU\S-1-5-21-2269885380-988231122-2713158848-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kir\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kir\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kir\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kir\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kir\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kir\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kir\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\kir\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKU\S-1-5-21-2269885380-988231122-2713158848-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2269885380-988231122-2713158848-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50407;https=127.0.0.1:50407;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2269885380-988231122-2713158848-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {7B79508D-C8C5-4960-ACF4-738BFC843281} URL = hxxp://www.bing.com/?cc=de
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=102&itype=n&ver=15440&tm=614&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2269885380-988231122-2713158848-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://de.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10048_swoc_campaign_150131__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2269885380-988231122-2713158848-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2269885380-988231122-2713158848-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://de.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10048_swoc_campaign_150131__yaie&p={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-08] (Avast Software s.r.o.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-08] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-2269885380-988231122-2713158848-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\z51psq54.default-1421519012650
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-15] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> d:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2014-08-01] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\z51psq54.default-1421519012650\searchplugins\google-avast.xml [2015-02-26]
FF Extension: Adblock Plus - C:\Users\kir\AppData\Roaming\Mozilla\Firefox\Profiles\z51psq54.default-1421519012650\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-01]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-09-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.consors.de/
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> https://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (fernsehsuche.de) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoagjeoomgmendljkcehjnifjpcaeaki [2015-01-16]
CHR Extension: (Google Docs) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-26]
CHR Extension: (Google Drive) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-26]
CHR Extension: (TV) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-08-14]
CHR Extension: (YouTube) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-26]
CHR Extension: (TV) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph [2014-08-23]
CHR Extension: (Google Search) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-26]
CHR Extension: (Local Weather) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjepakjckgnfbmmopjiendmekokmiaj [2014-08-14]
CHR Extension: (Whatsapp™ on pc) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknjcfihbbbgejkhmfiiikeicekcmhml [2014-09-20]
CHR Extension: (ARD Mediathek) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\fodbakfdbjppckchpkmlkflnjiljcljp [2014-12-08]
CHR Extension: (AdBlock) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-10]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-08-14]
CHR Extension: (Test your Internet speed) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekhmbhledgahgpondpnaeaffoipehch [2014-08-14]
CHR Extension: (Translator (All Languages)) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkohkdahffmjhcehilamblbpnjpmlo [2014-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Movies) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkanjdppoifnkmakhilbeaohboaegjl [2015-01-16]
CHR Extension: (Currency Converter) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndokegkpdlafochibjpgjglkcamdpip [2014-08-14]
CHR Extension: (Google Maps) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-08-14]
CHR Extension: (Rain Alarm) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok [2014-08-14]
CHR Extension: (Universal Unit Converter) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafkejlpknmikohhgdelefdeeieplkog [2014-08-14]
CHR Extension: (Google Wallet) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-26]
CHR Extension: (Internet Speed Booster 2) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\odhamimojfifikhbhhhcmaekhkinpmge [2014-08-14]
CHR Extension: (TV Germany - TV Duitsland Fernsehen) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeikdijhnfihaklejncbiaciicpenhak [2014-09-20]
CHR Extension: (ZDF Mediathek) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\okbjjkadnipbienakmljnnijlcfcmlgm [2014-12-08]
CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2014-12-08]
CHR Extension: (Radio Player Live Stations) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooflekjlabfkiacfocahkgcdadcnhmjf [2014-08-14]
CHR Extension: (Radio online) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooknliccjbhggbjkakpanckidhkjeekl [2014-08-14]
CHR Extension: (Gmail) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-26]
CHR Extension: (Flash-Radio-2) - C:\Users\kir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pokigghgoachjedfaajmldbgddlccgbi [2014-08-14]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-05-28] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-08] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-08] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4030800 2015-03-20] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28848 2014-09-16] (Samsung Electronics Co., Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2014-05-28] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-05-09] (ASRock Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-08] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-04-08] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-08] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-04-08] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-08] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-08] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-08] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-08] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-07-30] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-08] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-30] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [268976 2014-09-16] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111280 2014-09-16] (Samsung Electronics Co., Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3565312 2011-05-04] ()
S3 TridVid; C:\Windows\System32\DRIVERS\tridvid6010.sys [411648 2011-01-21] (10Moons Technologies Co.,Ltd)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-03-20] (Avast Software)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-04-09] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-09 00:08 - 2015-04-09 00:08 - 00001534 _____ () C:\Users\kir\Desktop\JRT.txt
2015-04-09 00:06 - 2015-04-09 00:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KIR-CAP-Windows-7-Home-Premium-(64-bit).dat
2015-04-09 00:06 - 2015-04-09 00:06 - 00000000 ____D () C:\RegBackup
2015-04-08 23:59 - 2015-04-08 23:59 - 02686959 _____ (Thisisu) C:\Users\kir\Downloads\JRT.exe
2015-04-08 23:58 - 2015-04-08 23:58 - 02217984 _____ () C:\Users\kir\Downloads\AdwCleaner_4.201.exe
2015-04-08 00:18 - 2015-04-09 00:06 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-04-08 00:17 - 2015-04-08 00:17 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-04-08 00:17 - 2015-04-08 00:17 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-08 00:17 - 2015-04-08 00:17 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-08 00:17 - 2015-04-08 00:17 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-08 00:17 - 2015-04-08 00:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-08 00:14 - 2015-04-08 00:14 - 00000000 ____D () C:\Users\kir\Tracing
2015-04-08 00:13 - 2015-04-08 00:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-08 00:12 - 2015-04-08 00:12 - 00000000 ____D () C:\Users\kir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 00:09 - 2015-04-08 00:12 - 00000000 ____D () C:\Users\kir\AppData\Roaming\Dropbox
2015-04-07 23:58 - 2015-04-08 10:35 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-07 23:58 - 2015-04-08 00:17 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-07 23:58 - 2015-04-08 00:17 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-07 23:58 - 2015-04-08 00:17 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-07 23:58 - 2015-04-08 00:17 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-07 23:58 - 2015-04-08 00:17 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-07 23:58 - 2015-04-08 00:17 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-07 23:58 - 2015-04-08 00:17 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-07 23:58 - 2015-04-08 00:17 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-07 19:24 - 2015-04-07 19:24 - 00014676 _____ () C:\ComboFix.txt
2015-04-07 19:19 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-07 19:19 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-07 19:19 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-07 19:19 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-07 19:19 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-07 19:19 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-07 19:19 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-07 19:19 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-07 19:17 - 2015-03-20 10:28 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswF595.tmp
2015-04-07 19:17 - 2015-03-20 10:28 - 00441728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswF79D.tmp
2015-04-07 19:17 - 2015-03-20 10:28 - 00268640 _____ () C:\Windows\system32\Drivers\aswF7BD.tmp
2015-04-07 19:17 - 2015-03-20 10:28 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswF8A8.tmp
2015-04-07 19:17 - 2015-03-20 10:28 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswF613.tmp
2015-04-07 19:17 - 2015-03-20 10:28 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswF74D.tmp
2015-04-07 19:17 - 2015-03-20 10:28 - 00065736 _____ () C:\Windows\system32\Drivers\aswF76D.tmp
2015-04-07 19:17 - 2015-03-20 10:28 - 00029168 _____ () C:\Windows\system32\Drivers\aswF71D.tmp
2015-04-07 19:17 - 2015-03-20 10:28 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswF546.tmp
2015-04-07 18:52 - 2015-04-07 19:24 - 00000000 ____D () C:\Qoobox
2015-04-07 18:52 - 2015-04-07 19:23 - 00000000 ____D () C:\Windows\erdnt
2015-04-07 18:51 - 2015-04-07 18:51 - 05617096 ____R (Swearware) C:\Users\kir\Downloads\ComboFix.exe
2015-04-06 17:21 - 2015-04-09 00:09 - 00025050 _____ () C:\Users\kir\Downloads\FRST.txt
2015-04-06 17:21 - 2015-04-09 00:09 - 00000000 ____D () C:\FRST
2015-04-06 17:21 - 2015-04-06 17:21 - 00033477 _____ () C:\Users\kir\Downloads\Addition.txt
2015-04-06 17:19 - 2015-04-06 17:19 - 02095616 _____ (Farbar) C:\Users\kir\Downloads\FRST64.exe
2015-04-06 11:37 - 2015-04-06 11:37 - 00001285 _____ () C:\Users\kir\Desktop\Any Video Converter Professional.lnk
2015-04-06 11:37 - 2015-04-06 11:37 - 00000000 ____D () C:\Users\kir\Documents\Any Video Converter Professional
2015-04-06 11:35 - 2015-04-06 11:37 - 37479392 _____ (Any-Video-Converter.com ) C:\Users\kir\Downloads\any-video-converter.exe
2015-04-06 11:25 - 2015-04-06 11:25 - 03312664 _____ (DVDVideoSoft Ltd. ) C:\Users\kir\Downloads\FreeYouTubeDownload.exe
2015-04-06 11:25 - 2015-04-06 11:25 - 00022150 _____ () C:\Users\kir\Downloads\FreeNicoVideoDownload.torrent
2015-04-05 10:41 - 2015-04-05 10:41 - 00009006 _____ () C:\Users\kir\Downloads\17687989 (1).csv
2015-04-05 10:40 - 2015-04-05 10:40 - 00000487 _____ () C:\Users\kir\Downloads\4998________7966.csv
2015-04-05 10:36 - 2015-04-05 10:36 - 00000853 _____ () C:\Users\kir\Downloads\4748________5142.csv
2015-04-05 10:34 - 2015-04-05 10:34 - 00009006 _____ () C:\Users\kir\Downloads\17687989.csv
2015-04-04 11:00 - 2015-04-04 11:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 11:00 - 2015-04-04 11:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-01 10:57 - 2015-04-08 23:14 - 00015440 _____ () C:\Windows\PFRO.log
2015-04-01 10:57 - 2015-04-08 23:14 - 00004267 _____ () C:\Windows\setupact.log
2015-04-01 10:57 - 2015-04-01 10:57 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-31 14:08 - 2015-03-31 14:09 - 05344528 _____ (Piriform Ltd) C:\Users\kir\Downloads\ccsetup504.exe
2015-03-30 10:55 - 2015-03-30 10:55 - 00004185 _____ () C:\Users\kir\Downloads\ab-in-den-urlaub.de.html
2015-03-30 10:55 - 2015-03-30 10:55 - 00000000 ____D () C:\Users\kir\Downloads\ab-in-den-urlaub.de_files
2015-03-25 10:14 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 10:14 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 10:14 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 10:14 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 10:14 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 10:14 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 10:14 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 10:14 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-22 18:52 - 2015-03-22 18:57 - 00000000 ____D () C:\Users\kir\AppData\Roaming\unav
2015-03-22 18:52 - 2015-03-22 18:52 - 00001185 _____ () C:\Users\kir\Desktop\Content Manager.lnk
2015-03-22 18:52 - 2015-03-22 18:52 - 00000000 ____D () C:\Users\kir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UNAV
2015-03-22 18:52 - 2015-03-22 18:52 - 00000000 ____D () C:\Program Files (x86)\UNAV
2015-03-20 10:29 - 2015-03-20 10:29 - 00001942 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-03-20 10:25 - 2015-03-20 10:25 - 00000247 _____ () C:\Windows\system32\2015-03-20-08-25-01.042-aswFe.exe-4880.log
2015-03-20 10:21 - 2015-03-20 10:24 - 00000247 _____ () C:\Windows\system32\2015-03-20-08-21-47.047-aswFe.exe-3940.log
2015-03-20 10:21 - 2015-03-20 10:21 - 00000197 _____ () C:\Windows\system32\2015-03-20-08-21-43.070-AvastVBoxSVC.exe-1752.log
2015-03-19 11:22 - 2015-03-19 11:22 - 00000247 _____ () C:\Windows\system32\2015-03-19-09-22-53.069-aswFe.exe-5976.log
2015-03-19 11:19 - 2015-03-19 11:22 - 00000247 _____ () C:\Windows\system32\2015-03-19-09-19-40.063-aswFe.exe-2856.log
2015-03-19 11:19 - 2015-03-19 11:19 - 00000197 _____ () C:\Windows\system32\2015-03-19-09-19-38.068-AvastVBoxSVC.exe-5704.log
2015-03-18 11:41 - 2015-03-18 11:42 - 00000247 _____ () C:\Windows\system32\2015-03-18-09-41-42.026-aswFe.exe-3260.log
2015-03-18 11:39 - 2015-03-18 11:41 - 00000247 _____ () C:\Windows\system32\2015-03-18-09-39-21.063-aswFe.exe-5476.log
2015-03-18 11:39 - 2015-03-18 11:39 - 00000197 _____ () C:\Windows\system32\2015-03-18-09-39-19.035-AvastVBoxSVC.exe-5692.log
2015-03-18 10:26 - 2015-03-18 10:26 - 00000247 _____ () C:\Windows\system32\2015-03-18-08-26-57.043-aswFe.exe-3256.log
2015-03-18 10:23 - 2015-03-18 10:26 - 00000247 _____ () C:\Windows\system32\2015-03-18-08-23-13.093-aswFe.exe-3980.log
2015-03-18 10:23 - 2015-03-18 10:23 - 00000197 _____ () C:\Windows\system32\2015-03-18-08-23-07.087-AvastVBoxSVC.exe-1512.log
2015-03-17 19:36 - 2015-03-17 19:36 - 00000247 _____ () C:\Windows\system32\2015-03-17-17-36-04.078-aswFe.exe-5760.log
2015-03-17 19:33 - 2015-03-17 19:36 - 00000247 _____ () C:\Windows\system32\2015-03-17-17-33-24.004-aswFe.exe-1468.log
2015-03-17 19:33 - 2015-03-17 19:33 - 00000197 _____ () C:\Windows\system32\2015-03-17-17-33-21.045-AvastVBoxSVC.exe-3976.log
2015-03-17 12:21 - 2015-03-17 12:21 - 00000247 _____ () C:\Windows\system32\2015-03-17-10-21-02.076-aswFe.exe-2204.log
2015-03-17 12:19 - 2015-03-17 12:20 - 00000247 _____ () C:\Windows\system32\2015-03-17-10-19-24.083-aswFe.exe-4564.log
2015-03-17 12:19 - 2015-03-17 12:19 - 00000197 _____ () C:\Windows\system32\2015-03-17-10-19-22.047-AvastVBoxSVC.exe-2812.log
2015-03-17 11:14 - 2015-03-17 11:14 - 00000247 _____ () C:\Windows\system32\2015-03-17-09-14-44.060-aswFe.exe-5552.log
2015-03-17 11:11 - 2015-03-17 11:14 - 00000247 _____ () C:\Windows\system32\2015-03-17-09-11-51.058-aswFe.exe-5780.log
2015-03-17 11:11 - 2015-03-17 11:11 - 00000197 _____ () C:\Windows\system32\2015-03-17-09-11-47.052-AvastVBoxSVC.exe-4940.log
2015-03-16 16:33 - 2015-03-16 16:33 - 00000247 _____ () C:\Windows\system32\2015-03-16-14-33-50.022-aswFe.exe-5776.log
2015-03-16 16:32 - 2015-03-16 16:33 - 00000247 _____ () C:\Windows\system32\2015-03-16-14-32-13.046-aswFe.exe-5924.log
2015-03-16 16:32 - 2015-03-16 16:32 - 00000197 _____ () C:\Windows\system32\2015-03-16-14-32-10.086-AvastVBoxSVC.exe-4940.log
2015-03-16 12:52 - 2015-03-16 12:52 - 00000247 _____ () C:\Windows\system32\2015-03-16-10-52-53.048-aswFe.exe-4536.log
2015-03-16 12:50 - 2015-03-16 12:52 - 00000247 _____ () C:\Windows\system32\2015-03-16-10-50-02.013-aswFe.exe-1596.log
2015-03-16 12:49 - 2015-03-16 12:49 - 00000197 _____ () C:\Windows\system32\2015-03-16-10-49-59.050-AvastVBoxSVC.exe-1832.log
2015-03-15 18:15 - 2015-03-15 18:15 - 00000247 _____ () C:\Windows\system32\2015-03-15-16-15-34.063-aswFe.exe-3576.log
2015-03-15 18:13 - 2015-03-15 18:15 - 00000247 _____ () C:\Windows\system32\2015-03-15-16-13-50.040-aswFe.exe-5408.log
2015-03-15 18:13 - 2015-03-15 18:13 - 00000197 _____ () C:\Windows\system32\2015-03-15-16-13-48.000-AvastVBoxSVC.exe-3724.log
2015-03-15 12:16 - 2015-03-15 12:16 - 00000247 _____ () C:\Windows\system32\2015-03-15-10-16-24.051-aswFe.exe-5456.log
2015-03-15 12:14 - 2015-03-15 12:16 - 00000247 _____ () C:\Windows\system32\2015-03-15-10-14-40.058-aswFe.exe-6000.log
2015-03-15 12:14 - 2015-03-15 12:14 - 00000197 _____ () C:\Windows\system32\2015-03-15-10-14-38.041-AvastVBoxSVC.exe-4348.log
2015-03-13 10:56 - 2015-03-13 10:56 - 00000247 _____ () C:\Windows\system32\2015-03-13-08-56-39.041-aswFe.exe-2332.log
2015-03-13 10:53 - 2015-03-13 10:56 - 00000247 _____ () C:\Windows\system32\2015-03-13-08-53-08.051-aswFe.exe-2180.log
2015-03-13 10:53 - 2015-03-13 10:53 - 00000197 _____ () C:\Windows\system32\2015-03-13-08-53-04.068-AvastVBoxSVC.exe-5832.log
2015-03-11 16:35 - 2015-03-11 16:35 - 00000247 _____ () C:\Windows\system32\2015-03-11-14-35-28.017-aswFe.exe-5780.log
2015-03-11 16:33 - 2015-03-11 16:35 - 00000247 _____ () C:\Windows\system32\2015-03-11-14-33-28.075-aswFe.exe-4564.log
2015-03-11 16:33 - 2015-03-11 16:33 - 00000197 _____ () C:\Windows\system32\2015-03-11-14-33-26.065-AvastVBoxSVC.exe-3104.log
2015-03-11 14:50 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 14:50 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 14:50 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 14:50 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 14:50 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 14:50 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 14:50 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 14:50 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 14:50 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 14:50 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 14:50 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 14:50 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 14:50 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 14:50 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 14:50 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 14:50 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 14:50 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 14:50 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 14:50 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 14:50 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 14:50 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 14:50 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 14:50 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 14:50 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 14:50 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 14:50 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 14:50 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 14:50 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 14:50 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 14:50 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 14:50 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 14:50 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 14:50 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 14:50 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 14:50 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 14:50 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 14:50 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 14:50 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 14:50 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 14:50 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 14:50 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 14:49 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 14:49 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 14:49 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 14:49 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 14:49 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 14:49 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 14:49 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 14:49 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 14:49 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 14:49 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 14:49 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 14:49 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 14:49 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 14:49 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 14:49 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 14:49 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 14:49 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 14:49 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 14:49 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 14:49 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 14:49 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 14:49 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 14:49 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 14:49 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 14:49 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 14:49 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 14:49 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 14:49 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 14:49 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 14:49 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 14:49 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 14:49 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 14:49 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 14:49 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 14:49 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 14:49 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 14:49 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 14:49 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 14:49 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 14:49 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 14:49 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 14:49 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 14:49 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 14:49 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 14:49 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 14:49 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 14:49 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 14:49 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 14:49 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 14:49 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 14:49 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 14:49 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 14:49 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 14:49 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 14:49 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 14:49 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 14:49 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 14:49 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 14:49 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 14:49 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 14:49 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 14:49 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 14:49 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 14:49 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 14:49 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 14:49 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 14:49 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 14:49 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 14:49 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 14:49 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 14:49 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 14:49 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 14:49 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 14:49 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 14:49 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 14:49 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 14:49 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 14:49 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 14:49 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 14:49 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 14:49 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 14:49 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 14:49 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 14:49 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 14:49 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 14:49 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 14:49 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 14:49 - 2015-01-31 05:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 14:49 - 2015-01-31 05:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 14:49 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 14:49 - 2015-01-31 01:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 14:49 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 14:49 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 14:48 - 2015-03-11 14:48 - 00000247 _____ () C:\Windows\system32\2015-03-11-12-48-21.025-aswFe.exe-6588.log
2015-03-11 14:48 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 14:48 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 14:45 - 2015-03-11 14:48 - 00000247 _____ () C:\Windows\system32\2015-03-11-12-45-05.066-aswFe.exe-1668.log
2015-03-11 14:44 - 2015-03-11 14:45 - 00000197 _____ () C:\Windows\system32\2015-03-11-12-44-59.069-AvastVBoxSVC.exe-2388.log
2015-03-10 18:09 - 2014-06-29 11:36 - 92683939 _____ () C:\Users\kir\Documents\720P_1000k_18796832.mp4
2015-03-10 17:58 - 2015-03-10 17:58 - 00011440 _____ () C:\Users\kir\Documents\cc_20150310_165815.reg
2015-03-10 17:55 - 2015-03-10 17:55 - 05325696 _____ (Piriform Ltd) C:\Users\kir\Downloads\ccsetup503.exe
2015-03-10 15:36 - 2015-03-10 15:36 - 00000247 _____ () C:\Windows\system32\2015-03-10-13-36-49.005-aswFe.exe-2372.log
2015-03-10 15:35 - 2015-03-10 15:36 - 00000247 _____ () C:\Windows\system32\2015-03-10-13-35-08.031-aswFe.exe-6012.log
2015-03-10 15:35 - 2015-03-10 15:35 - 00000197 _____ () C:\Windows\system32\2015-03-10-13-35-06.022-AvastVBoxSVC.exe-1628.log
2015-03-10 11:17 - 2015-03-10 11:17 - 00000247 _____ () C:\Windows\system32\2015-03-10-09-17-03.046-aswFe.exe-2516.log
2015-03-10 11:15 - 2015-03-10 11:16 - 00000247 _____ () C:\Windows\system32\2015-03-10-09-15-16.021-aswFe.exe-4812.log
2015-03-10 11:15 - 2015-03-10 11:15 - 00000197 _____ () C:\Windows\system32\2015-03-10-09-15-13.061-AvastVBoxSVC.exe-860.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-09 00:06 - 2014-08-26 18:36 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2015-04-09 00:05 - 2015-01-16 12:02 - 00000000 ____D () C:\AdwCleaner
2015-04-09 00:03 - 2014-05-26 14:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 23:55 - 2014-08-25 17:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 23:24 - 2014-05-26 14:50 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-08 23:21 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-08 23:21 - 2009-07-14 06:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-08 23:19 - 2010-11-21 08:50 - 00703678 _____ () C:\Windows\system32\perfh007.dat
2015-04-08 23:19 - 2010-11-21 08:50 - 00150816 _____ () C:\Windows\system32\perfc007.dat
2015-04-08 23:19 - 2009-07-14 07:13 - 01631530 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-08 23:17 - 2014-05-26 13:12 - 01208470 _____ () C:\Windows\WindowsUpdate.log
2015-04-08 23:14 - 2014-05-26 14:50 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-08 23:14 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 00:14 - 2014-05-27 23:47 - 00000000 ____D () C:\Users\kir\AppData\Roaming\Skype
2015-04-08 00:14 - 2014-05-26 13:20 - 00000000 ____D () C:\Users\kir
2015-04-08 00:13 - 2014-05-27 23:47 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-08 00:13 - 2014-05-27 23:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-08 00:13 - 2014-05-27 23:47 - 00000000 ____D () C:\ProgramData\Skype
2015-04-08 00:12 - 2014-05-26 14:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-07 19:23 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-06 19:04 - 2014-05-27 21:39 - 00000000 ____D () C:\Users\kir\AppData\Roaming\vlc
2015-04-06 11:37 - 2015-02-01 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-04-06 11:37 - 2015-02-01 01:03 - 00000000 ____D () C:\Program Files (x86)\Anvsoft
2015-04-06 11:37 - 2015-02-01 00:15 - 00000000 ____D () C:\Users\kir\AppData\Roaming\AnvSoft
2015-04-04 10:24 - 2014-05-26 14:51 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-31 14:09 - 2014-05-28 15:02 - 00000782 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-31 14:09 - 2014-05-28 15:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-31 14:09 - 2014-05-27 21:21 - 00000000 ____D () C:\Users\kir\AppData\Local\CrashDumps
2015-03-30 10:57 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-25 17:53 - 2015-01-14 12:14 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 17:53 - 2014-05-28 14:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-22 20:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-22 18:52 - 2014-08-25 11:43 - 00000000 ____D () C:\Users\kir\AppData\Roaming\becker
2015-03-15 12:33 - 2014-05-27 21:38 - 00000779 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-15 12:33 - 2014-05-26 14:46 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-15 12:33 - 2014-05-26 14:46 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-15 12:33 - 2014-05-26 13:47 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-11 16:29 - 2009-07-14 06:45 - 00422024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 16:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 16:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 15:05 - 2014-05-28 12:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 15:04 - 2014-05-28 12:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 17:50 - 2014-05-26 14:06 - 00000000 ____D () C:\Users\kir\AppData\Local\Google
==================== Files in the root of some directories =======
2015-02-05 15:46 - 2015-02-05 15:46 - 0004608 _____ () C:\Users\kir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-13 10:30 - 2014-10-13 10:30 - 0004280 _____ () C:\Users\kir\AppData\Local\HWVendorDetection.log
2014-05-26 16:00 - 2014-05-26 16:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some content of TEMP:
====================
C:\Users\kir\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprbtk_o.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 12:26
==================== End Of Log ============================