Document format: text/plain

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016
Ran by mario (administrator) on MARIO-HP (17-05-2016 01:13:46)
Running from C:\Users\mario\Desktop
Loaded Profiles: mario (Available Profiles: mario)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\37.0.2178.43\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-14] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2662472 2016-05-12] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [FromDocToPDF_65 Browser Plugin Loader] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon.exe [30096 2013-05-19] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [UbeeStick] => C:\Program Files (x86)\Ubee\UbeeStick\UbeeStick64.exe [59904 2012-05-11] ()
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3960744 2015-07-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111312 2016-05-11] (AVAST Software)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-22] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [uTorrent] => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [Facebook Update] => C:\Users\mario\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-16] (Facebook Inc.)
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [SSync] => "C:\Users\mario\AppData\Roaming\SSync\SSync.exe"
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [Intermediate] => "C:\Users\mario\AppData\Roaming\Intermediate\Intermediate.exe"
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7298560 2012-08-30] ()
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1381648 2015-06-08] (Lavasoft)
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Run: [ApowersoftScreenCapture] => C:\Program Files (x86)\Apowersoft\Apowersoft Screen Capture Pro\Apowersoft Screen Capture Pro.exe /autoStart
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {0a8ba2f0-c194-11e5-b104-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {0a8ba325-c194-11e5-b104-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {18a5d085-06eb-11e3-91e1-009c028e7f11} - G:\WinInit.exe -c
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {1ba45f49-ad53-11e5-b7ce-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {3c17e0bd-81bd-11e2-88e3-009c028e7f11} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {47a4100a-f636-11e3-99c7-009c028e7f11} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {69606b9e-9498-11e1-8d6a-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {6a902efd-142e-11e3-af8b-009c028e7f11} - G:\Windows/AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {808444c4-9195-11e1-9121-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {808444d4-9195-11e1-9121-009c028e7f11} - G:\AutoRun.exe
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\MountPoints2: {b9a806fa-ad82-11e1-8fa4-009c028e7f11} - G:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => No File
AppInit_DLLs-x32: c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-25] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-02-27]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Powertools.lnk [2013-05-19]
ShortcutTarget: MaxTV Powertools.lnk -> C:\Program Files (x86)\MaxTV\MaxTV4\maxtv_powertools.exe (No File)
Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Recorder Manager.lnk [2013-05-19]
ShortcutTarget: MaxTV Recorder Manager.lnk -> C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe (No File)
Startup: C:\Users\mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV.lnk [2013-05-19]
ShortcutTarget: MaxTV.lnk -> C:\Program Files (x86)\MaxTV\MaxTV4\maxtv.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9 15 C:\Windows\system32\LavasoftTcpService.dll No File
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [428880 2015-06-08] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{A56E4E8F-8619-45AB-A3AE-2E7301449C14}: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{A7BBB93C-783C-486A-8621-5E255334D1BD}: [DhcpNameServer] 192.168.14.1 200.2.128.10 200.2.129.10 10.0.51.18

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9250315AS_6VCYQ313&ts=1373562837
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.globasearch.com/?serie=219&b=3&installkey=kkaJeXbH2Jt8c1MNEDkO
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9250315AS_6VCYQ313&ts=1373562837
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9250315AS_6VCYQ313&ts=1373562837
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9250315AS_6VCYQ313&ts=1373562837
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=XQxdm018YYht&ptb=03360E27-7906-43F8-B7F2-388B6F5E3D1B&si=CPzpk83-4LACFa9l7AodzWPskQ
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=021713
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://fr.yahoo.com/
HKU\S-1-5-21-2158992580-1304642717-576862432-1002\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://fr.yahoo.com/
URLSearchHook: HKLM-x32 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> Default = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
URLSearchHook: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 - (No Name) - {8523acf8-02f7-4133-bb3b-79daf49b5cac} - No File
URLSearchHook: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9250315AS_6VCYQ313&ts=0
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST9250315AS_6VCYQ313&ts=0
SearchScopes: HKLM -> {3ACAEEE4-CB1E-4088-B467-B0DA2897CDB5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=477&systemid=406&v=r8448-53&apn_uid=7533352561534990&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzutAtN2Y1L1QzuyB0C0Ezy0DtAyDyE0DtCtB0AyBtAyBzztN0D0TzutBtDtCtBtDyCtBtA&cr=1220346831
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.globasearch.com/?serie=219&installkey=kkaJeXbH2Jt8c1MNEDkO&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.globasearch.com/?serie=219&installkey=kkaJeXbH2Jt8c1MNEDkO&b=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {3ACAEEE4-CB1E-4088-B467-B0DA2897CDB5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {41542154-B4F8-29F3-206C-0EBD9CD21A51} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={CD3426E0-B05F-11E1-8EA8-009C028E7F11}
SearchScopes: HKLM-x32 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt810YYHT&ptnrS=ZNxpt810YYHT&si=161815289&ptb=cDgQNshOz3bAlZeG4pI6GQ&ind=2012062314&n=77eda26a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://home.myplaycity.com/results.php?category=web&s={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=477&systemid=406&v=r8448-53&apn_uid=7533352561534990&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzutAtN2Y1L1QzuyB0C0Ezy0DtAyDyE0DtCtB0AyBtAyBzztN0D0TzutBtDtCtBtDyCtBtA&cr=1220346831
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.globasearch.com/?serie=219&installkey=kkaJeXbH2Jt8c1MNEDkO&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.globasearch.com/?serie=219&installkey=kkaJeXbH2Jt8c1MNEDkO&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=44917CE9D354D12B&affID=122304&tt=160713_9127&tsp=4946
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9250315AS_6VCYQ313&ts=0
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {3ACAEEE4-CB1E-4088-B467-B0DA2897CDB5} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {41542154-B4F8-29F3-206C-0EBD9CD21A51} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={CD3426E0-B05F-11E1-8EA8-009C028E7F11}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNxpt810YYHT&ptnrS=ZNxpt810YYHT&si=161815289&ptb=cDgQNshOz3bAlZeG4pI6GQ&ind=2012062314&n=77eda26a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.globasearch.com/?serie=219&installkey=kkaJeXbH2Jt8c1MNEDkO&b=3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://home.myplaycity.com/results.php?category=web&s={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=20&systemid=2&sr=0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=477&systemid=406&v=r8448-53&apn_uid=7533352561534990&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6OyLaaU7OZ&i=26
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {E6A0FA29-434D-48D4-AB71-CBD274D09E1E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647960&src=kw&q={searchTerms}&locale=&apn_ptnrs=^8R&apn_dtid=^YYYYYY^YY^HT&apn_uid=39CA7A97-FC08-42DD-AD9F-7611EF72E2E8&apn_sauid=68153DD8-F1C4-4054-9449-0E4A2A76C8BA
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=stonicrow&chnl=stonicrow&cd=2XzutAtN2Y1L1QzuyB0C0Ezy0DtAyDyE0DtCtB0AyBtAyBzztN0D0TzutBtDtCtBtDyCtBtA&cr=1220346831
SearchScopes: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> {FF42F539-01E8-4558-B8F2-BF110A2A25E3} URL = hxxp://search.softonic.com/INF00212/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=83
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-12] (Google Inc.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [2012-04-02] (AnchorFree Inc.)
BHO-x32: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Funmoods Helper Object -> {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -> C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll => No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-25] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\19.4.0.508\AVG Secure Search_toolbar.dll [2016-05-12] (AVG Secure Search)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll => No File
BHO-x32: Babylon IE plugin -> {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll => No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-12] (Google Inc.)
BHO-x32: Wincore Mediabar -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll => No File
BHO-x32: VirtualDJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-02-01] (Ask)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2013-05-19] (MindSpark)
BHO-x32: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll [2012-04-02] (AnchorFree Inc.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - No Name - !{3042df7a-e900-4389-9b94-923df0daa57e} - No File
Toolbar: HKLM - No Name - !{3392cfec-56f8-41ee-bdb4-4e301efd2c93} - No File
Toolbar: HKLM - No Name - !{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No File
Toolbar: HKLM - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No File
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM - No Name - !{a899079d-206f-43a6-be6a-07e0fa648ea0} - No File
Toolbar: HKLM - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-12] (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\19.4.0.508\AVG Secure Search_toolbar.dll [2016-05-12] (AVG Secure Search)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll No File
Toolbar: HKLM-x32 - Wincore Mediabar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll No File
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll No File
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM-x32 - No Name - !{3042df7a-e900-4389-9b94-923df0daa57e} - No File
Toolbar: HKLM-x32 - No Name - !{3392cfec-56f8-41ee-bdb4-4e301efd2c93} - No File
Toolbar: HKLM-x32 - No Name - !{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - No File
Toolbar: HKLM-x32 - No Name - !{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - !{a899079d-206f-43a6-be6a-07e0fa648ea0} - No File
Toolbar: HKLM-x32 - No Name - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2011-02-01] (Ask)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-12] (Google Inc.)
Toolbar: HKU\S-1-5-21-2158992580-1304642717-576862432-1002 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-05-12] (AVG Secure Search)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9250315AS_6VCYQ313&ts=1373562837

FireFox:
========
FF ProfilePath: C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\0qfzb876.default
FF NewTab: hxxp://www.globasearch.com/?serie=219&b=2&installkey=kkaJeXbH2Jt8c1MNEDkO&newtab
FF Homepage: hxxp://www.globasearch.com/?serie=219&b=2&installkey=kkaJeXbH2Jt8c1MNEDkO
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
FF Plugin-x32: @ei.Zwinky_5q.com/Plugin -> C:\Program Files (x86)\Zwinky_5qEI\Installr\1.bin\NP5qEISB.dll [2012-12-19] (Zwinky)
FF Plugin-x32: @FromDocToPDF_65.com/Plugin -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\NP65Stub.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin HKU\S-1-5-21-2158992580-1304642717-576862432-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\mario\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2158992580-1304642717-576862432-1002: KuaiWanInsert -> C:\Users\mario\Desktop\Kuaiwan\npKWWebGame.dll [2015-03-11] (Shenzhen QVOD Technology Co.,Ltd)
FF Plugin HKU\S-1-5-21-2158992580-1304642717-576862432-1002: SkypePlugin -> C:\Users\mario\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi.dll [2015-07-17] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2158992580-1304642717-576862432-1002: SkypePlugin64 -> C:\Users\mario\AppData\Local\SkypePlugin\7.5.0.123\npGatewayNpapi-x64.dll [2015-07-17] (Skype Technologies S.A.)
FF Extension: Cartt - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\0qfzb876.default\Extensions\arf3@getcartt.com.xpi [2016-05-12]
FF Extension: RandFind - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\0qfzb876.default\Extensions\info@randfind.com.xpi [2016-05-11]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 => not found
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [pluswinks@PlusWinks] - C:\Users\mario\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
FF Extension: Smiley Bar for Facebook - C:\Users\mario\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks [2013-05-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\mario\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com
FF Extension: Speed Analysis 2 - C:\Users\mario\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013-05-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [65ffxtbr@FromDocToPDF_65.com] - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin [2016-05-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-25] [not signed]
FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension => not found
FF HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Firefox\Extensions: [pluswinks@PlusWinks] - C:\Users\mario\AppData\Roaming\Mozilla\Extensions\pluswinks@PlusWinks
FF HKU\S-1-5-21-2158992580-1304642717-576862432-1002\...\Firefox\Extensions: [speedanalysis02@SpeedAnalysis.com] - C:\Users\mario\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://kdidombaedgpfiiedeimiebkmbilgmlc/new_tab.html"
CHR Profile: C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28]
CHR Extension: (Google Docs) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28]
CHR Extension: (J'utilise Skype) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apddfflnhdhhkadogcpodfkofhmgbiao [2015-07-29]
CHR Extension: (Google Drive) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-28]
CHR Extension: (Appel Skype) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2015-07-29]
CHR Extension: (YouTube) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-28]
CHR Extension: (FunDial) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj [2015-07-28] [UpdateUrl: hxxp://funmoods.com/public/download/chrome/update.xml] <==== ATTENTION
CHR Extension: (Recherche Google) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-28]
CHR Extension: (Speed Analysis 2) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf [2015-07-28] [UpdateUrl: hxxps://srv.mzcdn.com/addons/speedanalysis02/update.chrome.xml] <==== ATTENTION
CHR Extension: (Jeux de Boxe) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\effipaobbihlandhjjlgicebbjmfnmih [2015-07-28]
CHR Extension: (Delta Toolbar) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2015-07-28] [UpdateUrl: hxxp://upd.info-stream.net/chromecrx/update.php] <==== ATTENTION
CHR Extension: (Funmoods) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki [2015-07-28] [UpdateUrl: hxxp://funmoods.com/public/download/chrome/update.xml] <==== ATTENTION
CHR Extension: (Google Sheets) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28]
CHR Extension: (DealPly) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje [2015-07-28]
CHR Extension: (SwytShop) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gobbnicjoijcfndfmmfjnfgldgcnjibl [2016-05-11]
CHR Extension: (Full Web Tetris) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieicmdpibfnjbmjolkmohnelljmjomoj [2015-07-28]
CHR Extension: (New tab for Chrome™) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg [2015-07-28]
CHR Extension: (DefaultTab) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2015-07-28]
CHR Extension: (Google Play) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-07-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-28]
CHR Extension: (Smiley Bar for Facebook) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog [2015-07-28] [UpdateUrl: hxxps://srv.mzcdn.com/addons/pluswinks/update.chrome.xml] <==== ATTENTION
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (imo free video calls and text) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2015-07-28]
CHR Extension: (Gmail) - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\mario\AppData\Local\funmoods-speeddial.crx [2012-06-23]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\mario\AppData\Local\funmoods.crx [2012-06-23]
CHR HKU\S-1-5-21-2158992580-1304642717-576862432-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\mario\AppData\Local\funmoods-speeddial.crx [2012-06-23]
CHR HKU\S-1-5-21-2158992580-1304642717-576862432-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\mario\AppData\Local\funmoods.crx [2012-06-23]
CHR HKU\S-1-5-21-2158992580-1304642717-576862432-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\mario\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx
CHR HKU\S-1-5-21-2158992580-1304642717-576862432-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\mario\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\mario\AppData\Local\funmoods-speeddial.crx [2012-06-23]
CHR HKLM-x32\...\Chrome\Extension: [dgjkhjdcljddbedokogakmmdjgnbeanf] - C:\Users\mario\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx [2013-04-17]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [fdloijijlkoblmigdofommgnheckmaki] - C:\Users\mario\AppData\Local\funmoods.crx [2012-06-23]
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx [2012-08-15]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\mario\AppData\Local\Torch\Plugins\TorchPlugin.crx
CHR HKLM-x32\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\mario\AppData\Roaming\PlusWinks\pluswinks.crx [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\mario\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
StartMenuInternet: Google Chrome - C:\Users\mario\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-25] (AVAST Software)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1630672 2015-07-28] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3719592 2015-07-28] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1078544 2016-04-22] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [356888 2015-07-28] (AVG Technologies CZ, s.r.o.)
S2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [42504 2013-05-19] (COMPANYVERS_NAME)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [329544 2012-04-02] ()
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [339456 2010-11-16] () [File not signed]
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751792 2015-06-08] (Lavasoft Limited)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [19816 2015-06-08] ()
S2 vToolbarUpdater19.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-05-12] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 eSafeSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]
S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [X]
S2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-25] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-25] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2016-05-11] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2016-05-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-25] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-25] (AVAST Software)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [77760 2015-07-09] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [245680 2015-07-28] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [281568 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [256000 2010-09-27] (MBB Technologies Co., Ltd.)
S3 ew_mbbusbdev; C:\Windows\System32\DRIVERS\ew_mbbusbdev.sys [115584 2010-09-26] (MBB Technologies Co., Ltd.)
S3 mbbdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2010-09-27] (MBB Technologies Co., Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 HSPADataCardusbmdm; system32\DRIVERS\HSPADataCardusbmdm.sys [X]
S3 HSPADataCardusbnmea; system32\DRIVERS\HSPADataCardusbnmea.sys [X]
S3 HSPADataCardusbser; system32\DRIVERS\HSPADataCardusbser.sys [X]
S3 HSPADataCardusbvoice; system32\DRIVERS\HSPADataCardusbvoice.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-17 01:13 - 2016-05-17 01:15 - 00043322 _____ C:\Users\mario\Desktop\FRST.txt
2016-05-17 01:13 - 2016-05-17 01:13 - 00000000 ____D C:\FRST
2016-05-17 01:11 - 2016-05-17 01:11 - 02382336 _____ (Farbar) C:\Users\mario\Desktop\FRST64.exe
2016-05-16 18:30 - 2016-05-16 18:30 - 00003134 _____ C:\Windows\System32\Tasks\{18B7615F-DC82-41E3-BD9E-6DE35FC626D1}
2016-05-15 09:41 - 2016-05-15 09:41 - 00668744 _____ C:\Users\mario\Downloads\UnityDownloadAssistant-5.3.4f1.exe
2016-05-15 08:47 - 2016-05-15 08:47 - 00000000 ____D C:\Users\mario\AppData\Roaming\Opera Software
2016-05-15 08:47 - 2016-05-15 08:47 - 00000000 ____D C:\Users\mario\AppData\Local\Opera Software
2016-05-15 08:19 - 2016-05-16 18:53 - 00237422 _____ C:\Windows\ntbtlog.txt
2016-05-15 02:49 - 2016-05-15 03:06 - 00000000 ____D C:\ProgramData\Avg
2016-05-14 09:50 - 2016-05-14 09:50 - 00001246 _____ C:\Users\mario\Desktop\Gang Beasts.lnk
2016-05-14 04:42 - 2016-05-14 04:37 - 00327310 _____ C:\Users\mario\Desktop\Universal Androot v1.6.1.apk
2016-05-14 03:57 - 2016-05-14 03:55 - 149239901 _____ (Google Inc.) C:\Users\mario\Desktop\sdk-android_24-4_en_280710 (2).exe
2016-05-14 03:48 - 2016-05-14 03:48 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01011.Wdf
2016-05-14 03:46 - 2016-05-14 03:48 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-05-13 17:42 - 2016-05-14 03:46 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2016-05-13 17:42 - 2016-05-14 03:46 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2016-05-13 17:25 - 2016-05-13 17:42 - 00000000 ____D C:\Users\mario\Desktop\Impactor_0.9.14
2016-05-13 17:24 - 2016-05-09 17:57 - 11937023 _____ C:\Users\mario\Desktop\Impactor_0.9.14.zip
2016-05-12 18:06 - 2016-05-12 18:06 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2016-05-11 19:01 - 2016-05-11 18:39 - 01847147 _____ C:\Users\mario\Desktop\RootGenius-2.2.83_general_pc.apk
2016-05-11 17:59 - 2013-05-01 21:23 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2016-05-11 17:59 - 2013-05-01 21:23 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2016-05-11 17:59 - 2013-05-01 21:23 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2016-05-11 17:59 - 2013-05-01 21:23 - 00103064 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2016-05-11 17:52 - 2016-05-12 15:53 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463014205
2016-05-11 17:51 - 2016-05-11 17:51 - 00001095 _____ C:\Users\Public\Desktop\Opera 37.lnk
2016-05-11 17:51 - 2016-05-11 17:51 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 37.lnk
2016-05-11 17:50 - 2016-05-15 18:34 - 00000000 ____D C:\Users\mario\AppData\Roaming\DevSet
2016-05-11 17:48 - 2016-05-16 18:29 - 00000000 ____D C:\Program Files (x86)\Opera
2016-05-11 17:47 - 2016-05-11 17:47 - 00000000 ____D C:\Program Files\SAMSUNG
2016-05-11 17:43 - 2016-05-11 17:43 - 00000000 ____D C:\ProgramData\Samsung
2016-05-11 16:06 - 2016-05-11 16:06 - 00000000 ____D C:\Program Files\Opera
2016-05-11 16:01 - 2016-05-11 16:01 - 00003836 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1463007634
2016-05-11 16:00 - 2016-05-11 16:00 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-05-11 15:59 - 2016-04-22 08:44 - 37687944 _____ (Opera Software) C:\Users\mario\Desktop\Opera_36.0.2130.65_Setup.exe
2016-05-11 15:54 - 2016-05-11 15:54 - 00001467 _____ C:\Users\mario\Desktop\iexplore - Shortcut.lnk
2016-05-11 15:50 - 2016-05-11 15:50 - 00000000 ____D C:\Users\mario\AppData\Roaming\Kingosoft
2016-05-11 15:50 - 2016-05-11 15:50 - 00000000 ____D C:\Users\mario\AppData\Local\Kingosoft
2016-05-11 15:41 - 2016-05-11 15:41 - 00001004 _____ C:\Users\mario\Desktop\Kuaiwan - Shortcut.lnk
2016-05-11 15:38 - 2016-05-11 15:52 - 00000000 ____D C:\Users\mario\Desktop\Kuaiwan
2016-05-11 15:33 - 2016-05-16 15:33 - 00000000 ____D C:\ProgramData\KuaiWan
2016-05-11 15:33 - 2016-05-15 09:04 - 00000000 ___SD C:\KuaiwanGames
2016-05-11 14:51 - 2016-05-11 14:52 - 00006144 ___SH C:\Users\mario\AppData\Roaming\Thumbs.db
2016-05-11 14:48 - 2016-05-11 14:48 - 00000000 ____D C:\Users\mario\Documents\My Received Files
2016-05-11 14:43 - 2016-05-11 14:43 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-05-11 14:41 - 2016-05-11 14:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-11 14:22 - 2016-05-11 14:22 - 00000003 _____ C:\Users\mario\AppData\Roaming\pllchannel.txt
2016-05-11 14:12 - 2016-05-11 14:12 - 06748160 _____ C:\Program Files (x86)\GUT4F1A.tmp
2016-05-11 14:12 - 2016-05-11 14:12 - 00000000 ____D C:\Program Files (x86)\GUM4F19.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-16 18:48 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-16 18:48 - 2009-07-13 21:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-16 18:14 - 2013-06-06 20:46 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-05-16 18:14 - 2012-06-15 14:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-16 18:13 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-16 16:06 - 2013-02-16 23:01 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2158992580-1304642717-576862432-1002UA.job
2016-05-16 15:59 - 2013-02-27 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2016-05-16 15:57 - 2012-06-15 14:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-16 15:35 - 2015-08-25 08:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-05-16 15:35 - 2012-04-29 12:35 - 00000000 ____D C:\ProgramData\MFAData
2016-05-15 19:03 - 2012-04-03 15:56 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8DB48A93-9FB9-429E-AF95-EBF10AA54601}
2016-05-15 18:36 - 2013-07-16 15:23 - 00000000 ____D C:\Users\mario\AppData\Roaming\Intermediate
2016-05-15 18:19 - 2015-07-22 07:42 - 00000000 ____D C:\Users\mario\AppData\Local\RtbSync
2016-05-15 17:40 - 2012-04-28 17:56 - 00110456 _____ C:\Users\mario\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-15 17:39 - 2009-07-13 21:45 - 00421872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-15 17:14 - 2013-02-27 19:53 - 00000091 _____ C:\Windows\QBChanUtil_Trigger.ini
2016-05-15 17:11 - 2012-06-29 16:16 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-05-15 17:11 - 2012-06-29 16:15 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-05-15 17:11 - 2011-10-14 14:12 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-15 09:40 - 2012-08-31 08:38 - 00000000 ____D C:\Users\mario\AppData\Local\ElevatedDiagnostics
2016-05-15 08:31 - 2013-02-16 10:18 - 00000000 ____D C:\Users\mario\AppData\Local\VisualBeeExe
2016-05-15 08:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-05-15 07:32 - 2015-07-22 07:42 - 00000000 ____D C:\Users\mario\AppData\Local\ShdUpdate
2016-05-15 06:55 - 2013-07-16 15:23 - 00000000 ____D C:\Users\mario\AppData\Roaming\SCheck
2016-05-15 06:50 - 2013-07-16 15:23 - 00000000 ____D C:\Users\mario\AppData\Roaming\SSync
2016-05-15 06:49 - 2015-07-22 08:00 - 00000000 ____D C:\Users\mario\AppData\Local\Avg
2016-05-15 06:46 - 2015-08-25 09:11 - 00000000 ____D C:\Users\mario\AppData\Roaming\Genius
2016-05-15 03:06 - 2012-04-30 09:54 - 00000000 ____D C:\Program Files (x86)\AVG
2016-05-14 04:11 - 2009-07-13 22:13 - 00739722 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-13 14:55 - 2015-07-23 14:45 - 00000000 ____D C:\Users\mario\Desktop\bootyboo
2016-05-12 15:31 - 2009-07-13 22:08 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-05-12 15:22 - 2015-08-24 08:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-12 15:22 - 2012-04-30 09:57 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-05-12 15:19 - 2012-04-30 09:57 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2016-05-12 03:56 - 2013-02-16 23:01 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2158992580-1304642717-576862432-1002Core.job
2016-05-12 03:48 - 2012-06-15 14:18 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-12 03:48 - 2012-06-15 14:18 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 18:32 - 2013-06-06 12:07 - 00000000 ____D C:\ProgramData\eSafe
2016-05-11 17:26 - 2012-11-01 15:19 - 00000000 ____D C:\Program Files (x86)\DealPly
2016-05-11 17:15 - 2015-07-01 11:48 - 00000000 ____D C:\Users\mario\AppData\Local\Avg2015
2016-05-11 15:50 - 2015-06-02 11:00 - 00000000 ____D C:\Users\mario\.android
2016-05-11 15:30 - 2015-08-25 08:45 - 01059656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-05-11 15:30 - 2015-08-25 08:45 - 00449992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-05-11 15:24 - 2015-07-30 22:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-11 15:20 - 2012-05-12 18:59 - 00000000 ____D C:\Users\mario\AppData\LocalLow\mediabarbs
2016-05-11 14:43 - 2015-07-01 12:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-11 14:36 - 2012-12-04 15:51 - 00000000 ____D C:\Users\mario\AppData\Roaming\SoftGrid Client
2016-05-11 14:34 - 2012-05-13 12:05 - 00000000 ____D C:\Users\mario\AppData\Local\Google
2016-05-11 14:04 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-11 13:58 - 2016-02-17 20:13 - 00000000 ____D C:\Users\mario\Desktop\New movies

==================== Files in the root of some directories =======

2016-05-11 14:12 - 2016-05-11 14:12 - 6748160 _____ () C:\Program Files (x86)\GUT4F1A.tmp
2016-05-11 14:22 - 2016-05-11 14:22 - 0000003 _____ () C:\Users\mario\AppData\Roaming\pllchannel.txt
2013-05-08 09:24 - 2013-05-08 09:24 - 0030894 _____ () C:\Users\mario\AppData\Roaming\speedanalysis.ico
2016-05-11 14:51 - 2016-05-11 14:52 - 0006144 ___SH () C:\Users\mario\AppData\Roaming\Thumbs.db
2013-07-16 14:25 - 2013-07-16 14:25 - 0022394 _____ () C:\Users\mario\AppData\Roaming\UserTile.png
2012-05-12 18:50 - 2012-12-06 14:59 - 0006144 _____ () C:\Users\mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-23 09:56 - 2012-06-23 09:55 - 0302425 _____ () C:\Users\mario\AppData\Local\funmoods-speeddial.crx
2012-06-23 09:56 - 2012-06-23 09:55 - 0031470 _____ () C:\Users\mario\AppData\Local\funmoods.crx

Some files in TEMP:
====================
C:\Users\mario\AppData\Local\Temp\BearShare_setup.exe
C:\Users\mario\AppData\Local\Temp\dbfhide.exe
C:\Users\mario\AppData\Local\Temp\dblgen11.dll
C:\Users\mario\AppData\Local\Temp\dblib11.dll
C:\Users\mario\AppData\Local\Temp\dbtool11.dll
C:\Users\mario\AppData\Local\Temp\DefaultTabSetup2.exe
C:\Users\mario\AppData\Local\Temp\DeltaTB.exe
C:\Users\mario\AppData\Local\Temp\devcon.exe
C:\Users\mario\AppData\Local\Temp\dvbfor3v.dll
C:\Users\mario\AppData\Local\Temp\eTypeSetup.exe
C:\Users\mario\AppData\Local\Temp\Extract.exe
C:\Users\mario\AppData\Local\Temp\FsdRegistration.dll
C:\Users\mario\AppData\Local\Temp\GDSBLMgr.dll
C:\Users\mario\AppData\Local\Temp\gert0.exe
C:\Users\mario\AppData\Local\Temp\GetCC.dll
C:\Users\mario\AppData\Local\Temp\GUR6B40.exe
C:\Users\mario\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\mario\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\mario\AppData\Local\Temp\htmlayout.dll
C:\Users\mario\AppData\Local\Temp\incredibar_installer.exe
C:\Users\mario\AppData\Local\Temp\Installhelper.dll
C:\Users\mario\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\mario\AppData\Local\Temp\lowproc.exe
C:\Users\mario\AppData\Local\Temp\mgsqlite3.dll
C:\Users\mario\AppData\Local\Temp\msvcp71.dll
C:\Users\mario\AppData\Local\Temp\msvcp90.dll
C:\Users\mario\AppData\Local\Temp\msvcr71.dll
C:\Users\mario\AppData\Local\Temp\msvcr90.dll
C:\Users\mario\AppData\Local\Temp\NGM.exe
C:\Users\mario\AppData\Local\Temp\NGMDll.dll
C:\Users\mario\AppData\Local\Temp\NGMResource.dll
C:\Users\mario\AppData\Local\Temp\NGMSetup.exe
C:\Users\mario\AppData\Local\Temp\OptimizerPro.exe
C:\Users\mario\AppData\Local\Temp\QBFirwal.dll
C:\Users\mario\AppData\Local\Temp\qbinstal.dll
C:\Users\mario\AppData\Local\Temp\QBNGEN.dll
C:\Users\mario\AppData\Local\Temp\r91amzku.dll
C:\Users\mario\AppData\Local\Temp\SCC.dll
C:\Users\mario\AppData\Local\Temp\SendMsg.dll
C:\Users\mario\AppData\Local\Temp\Setup.exe
C:\Users\mario\AppData\Local\Temp\Shortcut_BundleSweetIMSetup.exe
C:\Users\mario\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\mario\AppData\Local\Temp\SMUnInstaller.dll
C:\Users\mario\AppData\Local\Temp\Softonic_chr_1-8-8-11.exe
C:\Users\mario\AppData\Local\Temp\Softonic_FR_1-4-9.exe
C:\Users\mario\AppData\Local\Temp\Softonic_FR_1-4-9[1].exe
C:\Users\mario\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\mario\AppData\Local\Temp\stlport_r50.dll
C:\Users\mario\AppData\Local\Temp\StopQBServer.dll
C:\Users\mario\AppData\Local\Temp\stubhelper.dll
C:\Users\mario\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\mario\AppData\Local\Temp\tbrafp.dll
C:\Users\mario\AppData\Local\Temp\tbuTor.dll
C:\Users\mario\AppData\Local\Temp\tmpCF9D.tmp.exe
C:\Users\mario\AppData\Local\Temp\toolbar2420761.exe
C:\Users\mario\AppData\Local\Temp\toolbar2861495.exe
C:\Users\mario\AppData\Local\Temp\unicows.dll
C:\Users\mario\AppData\Local\Temp\uninst1.exe
C:\Users\mario\AppData\Local\Temp\uninstall285076.exe
C:\Users\mario\AppData\Local\Temp\uninstall309583.exe
C:\Users\mario\AppData\Local\Temp\uninstall309630.exe
C:\Users\mario\AppData\Local\Temp\uninstall4072203.exe
C:\Users\mario\AppData\Local\Temp\UtilDBSetup.dll
C:\Users\mario\AppData\Local\Temp\utt8DED.tmp.exe
C:\Users\mario\AppData\Local\Temp\vbmz11.exe
C:\Users\mario\AppData\Local\Temp\webcompanioninstaller.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-12 04:50

==================== End of FRST.txt ============================
