Pop-up windows


offline
  • Joined: 06 Feb 2015
  • Posts: 86

So, whichever page I go to, little windows pop up with games and ads....

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8448
  • Location: Novi Beograd

Hello,

we will try to help; you just need to follow these instructions:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 06 Feb 2015
  • Posts: 86

Posted: 15 Jun 2015 11:24

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by boki (administrator) on BOKI-PC on 15-06-2015 11:21:32
Running from C:\Users\boki\Downloads
Loaded Profiles: boki (Available Profiles: boki)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\6\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\2\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
() C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Utility Chest AppIntegrator 32-bit] => C:\PROGRA~1\UTILIT~1\bar\1.bin\AppIntegrator.exe
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Viber] => "C:\Users\boki\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-06] (Microsoft Corporation)
Startup: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2015-02-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Search Page = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> OldSearch URL = bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {03522AD0-F4B4-40D8-A8DF-E753C76AB40C} URL = search.yahoo.com/search?fr=chr-greentree_i.....=501549&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {A17AC53E-3B9B-4D84-A5FA-521204617850} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vmn__w.....2__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> No File
BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_688_bl-sw-24__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo
FF DefaultSearchUrl: search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_688_bl-sw-24__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_688_bl-sw-24__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-1153890037-1905589206-642550731-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\boki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
FF Extension: Positive Finds - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{f57f3b24-cabd-4998-9e47-8842f793f6de}.xpi [2015-06-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\extensions\fftoolbar2014@etech.com

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (No Name) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-07]
CHR Extension: (YouTube) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Internet Speed Tracker) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifndhjjchjamcecpjhpggeaacihcjnl [2015-02-10]
CHR Extension: (Google Search) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-09]
CHR Extension: (Советник Теслы) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\goalojoobcfkhddpbjcmhdceeegmaphh [2015-02-06]
CHR Extension: (Avast Online Security) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [goalojoobcfkhddpbjcmhdceeegmaphh] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-1153890037-1905589206-642550731-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_688_bl-sw-20__alt__ddc_dsssyc_bd_com"
OPR Extension: (Positive Finds) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpdlkbdppbkhihamnpgegdamopapeddk [2015-05-13]
OPR Extension: (Adblock Plus) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-06-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [653584 2015-06-15] ()
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 Update Mgr PositiveFinds; C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [568080 2015-06-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
R1 smidriver; C:\Windows\System32\Drivers\smidriver.sys [10368 2013-05-15] (SMI) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 11:21 - 2015-06-15 11:22 - 00020137 _____ C:\Users\boki\Downloads\FRST.txt
2015-06-15 11:21 - 2015-06-15 11:21 - 00000000 ____D C:\FRST
2015-06-15 11:20 - 2015-06-15 11:21 - 01148416 _____ (Farbar) C:\Users\boki\Downloads\FRST.exe
2015-06-14 17:17 - 2015-06-14 17:18 - 00448512 _____ (OldTimer Tools) C:\Users\boki\Downloads\TFC.exe
2015-06-14 15:02 - 2015-06-14 15:03 - 01536858 _____ C:\Users\boki\Downloads\spacesniffer_1_1_4_0.zip
2015-06-10 03:38 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 03:38 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 03:38 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 03:38 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 03:38 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 03:38 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 03:38 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 03:38 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 03:38 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 03:38 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 03:38 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 03:38 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 03:38 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 03:38 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 03:38 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 03:38 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 03:38 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 03:38 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 03:38 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 03:38 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 03:38 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 03:38 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 03:38 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 03:38 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 03:38 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 03:38 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 03:38 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 03:38 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 03:38 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 03:25 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:25 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:24 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 03:24 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 03:24 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 03:24 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 03:24 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 03:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:24 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-04 10:19 - 2015-06-04 10:19 - 00001179 _____ C:\Users\boki\Downloads\spec_381621011006_2015-05-65311.zip
2015-05-28 12:08 - 2015-05-28 12:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-19 14:45 - 2015-05-19 14:45 - 00001584 _____ C:\Users\boki\Documents\PDVD_MediaDisc.PlayList

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 11:21 - 2015-02-07 21:28 - 00000000 ____D C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-06-15 11:13 - 2015-02-04 19:00 - 00000000 ____D C:\Users\boki\AppData\Roaming\Skype
2015-06-15 10:29 - 2015-02-05 18:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 10:28 - 2015-02-04 19:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-15 08:57 - 2009-07-14 06:34 - 00012624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 08:57 - 2009-07-14 06:34 - 00012624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-15 08:19 - 2015-02-07 21:28 - 00000000 ____D C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-06-15 08:18 - 2015-02-05 03:42 - 01127745 _____ C:\Windows\WindowsUpdate.log
2015-06-15 08:13 - 2015-02-05 19:09 - 00020406 _____ C:\Windows\setupact.log
2015-06-15 08:13 - 2015-02-05 18:39 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 08:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-13 17:13 - 2015-02-04 18:50 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-12 08:33 - 2015-02-05 11:59 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-06-11 08:40 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-11 04:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:43 - 2015-02-21 16:59 - 00000000 ____D C:\Program Files\Opera
2015-06-11 03:29 - 2009-07-14 06:33 - 00406024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:10 - 2015-02-04 18:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:09 - 2015-02-05 12:55 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2015-02-05 12:55 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 12:32 - 2015-02-04 19:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 12:32 - 2015-02-04 19:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-31 18:46 - 2015-04-09 12:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-27 20:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-05-27 10:52 - 2015-02-05 11:10 - 00000000 ___RD C:\Program Files\Skype
2015-05-24 15:18 - 2015-02-04 20:16 - 00000000 ____D C:\Users\boki\AppData\Roaming\vlc
2015-05-22 17:38 - 2015-02-05 19:09 - 00212060 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2015-02-04 20:12 - 2015-02-04 20:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-06 16:58 - 2015-02-06 16:58 - 0004886 _____ () C:\ProgramData\mtbjfghn.xbe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 00:26

==================== End of log ============================

Addendum: 15 Jun 2015 11:28

Avast keeps popping up on me

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8448
  • Location: Novi Beograd

The Addition log is missing.

offline
  • Joined: 06 Feb 2015
  • Posts: 86

Posted: 15 Jun 2015 12:03

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by boki (administrator) on BOKI-PC on 15-06-2015 12:00:12
Running from C:\Users\boki\Downloads
Loaded Profiles: boki (Available Profiles: boki)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\6\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\2\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
() C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Utility Chest AppIntegrator 32-bit] => C:\PROGRA~1\UTILIT~1\bar\1.bin\AppIntegrator.exe
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Viber] => "C:\Users\boki\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-06] (Microsoft Corporation)
Startup: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2015-02-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Search Page = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> OldSearch URL = bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {03522AD0-F4B4-40D8-A8DF-E753C76AB40C} URL = search.yahoo.com/search?fr=chr-greentree_i.....=501549&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {A17AC53E-3B9B-4D84-A5FA-521204617850} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vmn__w.....2__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> No File
BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_688_bl-sw-24__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo
FF DefaultSearchUrl: search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_688_bl-sw-24__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_688_bl-sw-24__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-1153890037-1905589206-642550731-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\boki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
FF Extension: Positive Finds - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{f57f3b24-cabd-4998-9e47-8842f793f6de}.xpi [2015-06-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\extensions\fftoolbar2014@etech.com

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (No Name) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-07]
CHR Extension: (YouTube) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Internet Speed Tracker) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifndhjjchjamcecpjhpggeaacihcjnl [2015-02-10]
CHR Extension: (Google Search) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-09]
CHR Extension: (Советник Теслы) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\goalojoobcfkhddpbjcmhdceeegmaphh [2015-02-06]
CHR Extension: (Avast Online Security) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [goalojoobcfkhddpbjcmhdceeegmaphh] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-1153890037-1905589206-642550731-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_688_bl-sw-20__alt__ddc_dsssyc_bd_com"
OPR Extension: (Positive Finds) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpdlkbdppbkhihamnpgegdamopapeddk [2015-05-13]
OPR Extension: (Adblock Plus) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-06-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [653584 2015-06-15] ()
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 Update Mgr PositiveFinds; C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [568080 2015-06-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
R1 smidriver; C:\Windows\System32\Drivers\smidriver.sys [10368 2013-05-15] (SMI) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 11:22 - 2015-06-15 11:23 - 00022263 _____ C:\Users\boki\Downloads\Addition.txt
2015-06-15 11:21 - 2015-06-15 12:00 - 00020282 _____ C:\Users\boki\Downloads\FRST.txt
2015-06-15 11:21 - 2015-06-15 12:00 - 00000000 ____D C:\FRST
2015-06-15 11:20 - 2015-06-15 11:21 - 01148416 _____ (Farbar) C:\Users\boki\Downloads\FRST.exe
2015-06-14 17:17 - 2015-06-14 17:18 - 00448512 _____ (OldTimer Tools) C:\Users\boki\Downloads\TFC.exe
2015-06-14 15:02 - 2015-06-14 15:03 - 01536858 _____ C:\Users\boki\Downloads\spacesniffer_1_1_4_0.zip
2015-06-10 03:38 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 03:38 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 03:38 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 03:38 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 03:38 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 03:38 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 03:38 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 03:38 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 03:38 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 03:38 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 03:38 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 03:38 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 03:38 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 03:38 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 03:38 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 03:38 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 03:38 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 03:38 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 03:38 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 03:38 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 03:38 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 03:38 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 03:38 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 03:38 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 03:38 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 03:38 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 03:38 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 03:38 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 03:38 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 03:25 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:25 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:24 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 03:24 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 03:24 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 03:24 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 03:24 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 03:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:24 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-04 10:19 - 2015-06-04 10:19 - 00001179 _____ C:\Users\boki\Downloads\spec_381621011006_2015-05-65311.zip
2015-05-28 12:08 - 2015-05-28 12:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-19 14:45 - 2015-05-19 14:45 - 00001584 _____ C:\Users\boki\Documents\PDVD_MediaDisc.PlayList

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 11:29 - 2015-02-05 18:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 11:28 - 2015-02-04 19:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-15 11:21 - 2015-02-07 21:28 - 00000000 ____D C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-06-15 11:13 - 2015-02-04 19:00 - 00000000 ____D C:\Users\boki\AppData\Roaming\Skype
2015-06-15 08:57 - 2009-07-14 06:34 - 00012624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 08:57 - 2009-07-14 06:34 - 00012624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-15 08:19 - 2015-02-07 21:28 - 00000000 ____D C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-06-15 08:18 - 2015-02-05 03:42 - 01127745 _____ C:\Windows\WindowsUpdate.log
2015-06-15 08:13 - 2015-02-05 19:09 - 00020406 _____ C:\Windows\setupact.log
2015-06-15 08:13 - 2015-02-05 18:39 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 08:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-13 17:13 - 2015-02-04 18:50 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-12 08:33 - 2015-02-05 11:59 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-06-11 08:40 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-11 04:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:43 - 2015-02-21 16:59 - 00000000 ____D C:\Program Files\Opera
2015-06-11 03:29 - 2009-07-14 06:33 - 00406024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:10 - 2015-02-04 18:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:09 - 2015-02-05 12:55 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2015-02-05 12:55 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 12:32 - 2015-02-04 19:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 12:32 - 2015-02-04 19:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-31 18:46 - 2015-04-09 12:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-27 20:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-05-27 10:52 - 2015-02-05 11:10 - 00000000 ___RD C:\Program Files\Skype
2015-05-24 15:18 - 2015-02-04 20:16 - 00000000 ____D C:\Users\boki\AppData\Roaming\vlc
2015-05-22 17:38 - 2015-02-05 19:09 - 00212060 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2015-02-04 20:12 - 2015-02-04 20:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-06 16:58 - 2015-02-06 16:58 - 0004886 _____ () C:\ProgramData\mtbjfghn.xbe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 00:26

==================== End of log ============================

Addendum: 15 Jun 2015 12:04

I copied everything it gave me

Addendum: 15 Jun 2015 12:07

Aha, I figured it out, I hadn't ticked it.... here
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by boki (administrator) on BOKI-PC on 15-06-2015 12:04:55
Running from C:\Users\boki\Downloads
Loaded Profiles: boki (Available Profiles: boki)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\6\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\2\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
() C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Utility Chest AppIntegrator 32-bit] => C:\PROGRA~1\UTILIT~1\bar\1.bin\AppIntegrator.exe
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Viber] => "C:\Users\boki\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-06] (Microsoft Corporation)
Startup: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2015-02-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Search Page = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> OldSearch URL = bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {03522AD0-F4B4-40D8-A8DF-E753C76AB40C} URL = search.yahoo.com/search?fr=chr-greentree_i.....=501549&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {A17AC53E-3B9B-4D84-A5FA-521204617850} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vmn__w.....2__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> No File
BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_688_bl-sw-24__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo
FF DefaultSearchUrl: search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_688_bl-sw-24__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_688_bl-sw-24__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-1153890037-1905589206-642550731-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\boki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
FF Extension: Positive Finds - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{f57f3b24-cabd-4998-9e47-8842f793f6de}.xpi [2015-06-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\extensions\fftoolbar2014@etech.com

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (No Name) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-07]
CHR Extension: (YouTube) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Internet Speed Tracker) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifndhjjchjamcecpjhpggeaacihcjnl [2015-02-10]
CHR Extension: (Google Search) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-09]
CHR Extension: (Советник Теслы) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\goalojoobcfkhddpbjcmhdceeegmaphh [2015-02-06]
CHR Extension: (Avast Online Security) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [goalojoobcfkhddpbjcmhdceeegmaphh] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-1153890037-1905589206-642550731-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_688_bl-sw-20__alt__ddc_dsssyc_bd_com"
OPR Extension: (Positive Finds) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpdlkbdppbkhihamnpgegdamopapeddk [2015-05-13]
OPR Extension: (Adblock Plus) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-06-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [653584 2015-06-15] ()
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 Update Mgr PositiveFinds; C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [568080 2015-06-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
R1 smidriver; C:\Windows\System32\Drivers\smidriver.sys [10368 2013-05-15] (SMI) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 11:22 - 2015-06-15 11:23 - 00022263 _____ C:\Users\boki\Downloads\Addition.txt
2015-06-15 11:21 - 2015-06-15 12:05 - 00020205 _____ C:\Users\boki\Downloads\FRST.txt
2015-06-15 11:21 - 2015-06-15 12:04 - 00000000 ____D C:\FRST
2015-06-15 11:20 - 2015-06-15 11:21 - 01148416 _____ (Farbar) C:\Users\boki\Downloads\FRST.exe
2015-06-14 17:17 - 2015-06-14 17:18 - 00448512 _____ (OldTimer Tools) C:\Users\boki\Downloads\TFC.exe
2015-06-14 15:02 - 2015-06-14 15:03 - 01536858 _____ C:\Users\boki\Downloads\spacesniffer_1_1_4_0.zip
2015-06-10 03:38 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 03:38 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 03:38 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 03:38 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 03:38 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 03:38 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 03:38 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 03:38 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 03:38 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 03:38 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 03:38 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 03:38 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 03:38 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 03:38 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 03:38 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 03:38 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 03:38 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 03:38 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 03:38 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 03:38 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 03:38 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 03:38 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 03:38 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 03:38 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 03:38 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 03:38 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 03:38 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 03:38 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 03:38 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 03:25 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:25 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:24 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 03:24 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 03:24 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 03:24 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 03:24 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 03:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:24 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-04 10:19 - 2015-06-04 10:19 - 00001179 _____ C:\Users\boki\Downloads\spec_381621011006_2015-05-65311.zip
2015-05-28 12:08 - 2015-06-15 12:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-19 14:45 - 2015-05-19 14:45 - 00001584 _____ C:\Users\boki\Documents\PDVD_MediaDisc.PlayList

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 11:29 - 2015-02-05 18:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 11:28 - 2015-02-04 19:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-15 11:21 - 2015-02-07 21:28 - 00000000 ____D C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-06-15 11:13 - 2015-02-04 19:00 - 00000000 ____D C:\Users\boki\AppData\Roaming\Skype
2015-06-15 08:57 - 2009-07-14 06:34 - 00012624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 08:57 - 2009-07-14 06:34 - 00012624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-15 08:19 - 2015-02-07 21:28 - 00000000 ____D C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-06-15 08:18 - 2015-02-05 03:42 - 01127745 _____ C:\Windows\WindowsUpdate.log
2015-06-15 08:13 - 2015-02-05 19:09 - 00020406 _____ C:\Windows\setupact.log
2015-06-15 08:13 - 2015-02-05 18:39 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 08:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-13 17:13 - 2015-02-04 18:50 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-12 08:33 - 2015-02-05 11:59 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-06-11 08:40 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-11 04:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:43 - 2015-02-21 16:59 - 00000000 ____D C:\Program Files\Opera
2015-06-11 03:29 - 2009-07-14 06:33 - 00406024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:10 - 2015-02-04 18:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:09 - 2015-02-05 12:55 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2015-02-05 12:55 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 12:32 - 2015-02-04 19:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 12:32 - 2015-02-04 19:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-31 18:46 - 2015-04-09 12:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-05-27 20:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-05-27 10:52 - 2015-02-05 11:10 - 00000000 ___RD C:\Program Files\Skype
2015-05-24 15:18 - 2015-02-04 20:16 - 00000000 ____D C:\Users\boki\AppData\Roaming\vlc
2015-05-22 17:38 - 2015-02-05 19:09 - 00212060 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2015-02-04 20:12 - 2015-02-04 20:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-06 16:58 - 2015-02-06 16:58 - 0004886 _____ () C:\ProgramData\mtbjfghn.xbe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-13 00:26

==================== End of log ============================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8448
  • Location: Novi Beograd

Didn't another log appear in the same place as the FRST log?

offline
  • Joined: 06 Feb 2015
  • Posts: 86

How do I post it......
I copied everything.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8448
  • Location: Novi Beograd

OK. Never mind, for now.

1. Open Notepad (Text Document) and copy into it the following text from the code box below:

CreateRestorePoint:
closeprocesses:
C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = http://q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {A17AC53E-3B9B-4D84-A5FA-521204617850} URL = http://www.sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
BHO: No Name -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> No File
BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
FF Extension: Positive Finds - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{f57f3b24-cabd-4998-9e47-8842f793f6de}.xpi [2015-06-13]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\extensions\fftoolbar2014@etech.com
C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\extensions\fftoolbar2014@etech.com
OPR Extension: (Positive Finds) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpdlkbdppbkhihamnpgegdamopapeddk [2015-05-13]
R2 Update Mgr PositiveFinds; C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [568080 2015-06-15] ()
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [653584 2015-06-15] ()
U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.



The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

offline
  • Joined: 06 Feb 2015
  • Posts: 86

Posted: 15 Jun 2015 13:31

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by boki (administrator) on BOKI-PC on 15-06-2015 13:27:33
Running from C:\Users\boki\Downloads
Loaded Profiles: boki (Available Profiles: boki)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
() C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\2\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\6\Plugin.exe
() C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe
(Opera Software) C:\Program Files\Opera\30.0.1835.59\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [Utility Chest AppIntegrator 32-bit] => C:\PROGRA~1\UTILIT~1\bar\1.bin\AppIntegrator.exe
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Viber] => "C:\Users\boki\AppData\Local\Viber\Viber.exe"
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-06] (Microsoft Corporation)
Startup: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk [2015-02-04]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\boki\AppData\Local\MEGAsync\ShellExtX32.dll No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Search Page = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn.com/?ocid=iehp
HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = yahoo.com/?fr=hp-avast&type=agc511
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> OldSearch URL = bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {03522AD0-F4B4-40D8-A8DF-E753C76AB40C} URL = search.yahoo.com/search?fr=chr-greentree_i.....=501549&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = q.search-simple.com/?affID=bl_f39c0c99-8c28-45c6-8e66-b4a63c0745cd&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {A17AC53E-3B9B-4D84-A5FA-521204617850} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = search.yahoo.com/search?fr=vmn&type=vmn__w.....2__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = sweet-page.com/web/?utm_source=b&utm_me.....default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1153890037-1905589206-642550731-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> No File
BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-04] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-04] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_688_bl-sw-24__alt__ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo
FF DefaultSearchUrl: search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_688_bl-sw-24__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_688_bl-sw-24__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-04] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-1153890037-1905589206-642550731-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\boki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-10] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-04]
FF Extension: Positive Finds - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\Extensions\{f57f3b24-cabd-4998-9e47-8842f793f6de}.xpi [2015-06-13]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\boki\AppData\Roaming\Mozilla\Firefox\Profiles\irzjr10b.default\extensions\fftoolbar2014@etech.com

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/?trackid=sp-006"
CHR DefaultSearchKeyword: Default -> google
CHR DefaultSearchURL: Default -> google.de/search?q={searchTerms}?trackid=sp-006
CHR DefaultSuggestURL: Default -> google.com/complete/search?client=chrome&q={searchTerms}
CHR Profile: C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (No Name) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-07]
CHR Extension: (YouTube) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Internet Speed Tracker) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifndhjjchjamcecpjhpggeaacihcjnl [2015-02-10]
CHR Extension: (Google Search) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Avast SafePrice) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-02-09]
CHR Extension: (Советник Теслы) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\goalojoobcfkhddpbjcmhdceeegmaphh [2015-02-06]
CHR Extension: (Avast Online Security) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Google Wallet) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-05]
CHR Extension: (Gmail) - C:\Users\boki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [goalojoobcfkhddpbjcmhdceeegmaphh] - clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKU\S-1-5-21-1153890037-1905589206-642550731-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=bg_688_bl-sw-20__alt__ddc_dsssyc_bd_com"
OPR Extension: (Positive Finds) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\bpdlkbdppbkhihamnpgegdamopapeddk [2015-05-13]
OPR Extension: (Adblock Plus) - C:\Users\boki\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-06-15]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [653584 2015-06-15] ()
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 Update Mgr PositiveFinds; C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [568080 2015-06-15] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-04-22] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
R1 smidriver; C:\Windows\System32\Drivers\smidriver.sys [10368 2013-05-15] (SMI) [File not signed]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys AEBC369F7DC72AB3F5B9BDF34FA0D43F
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 83EE20D7160484C9172FDF0ACBDC8929
C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 7B7A157D6CC1EB77BC43E2AA23DAE600
C:\Windows\System32\DRIVERS\Rt86win7.sys 7DFD48E24479B68B258D8770121155A0
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\smidriver.sys 36958C3F1D86FA299CF8F1185270465A
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 6C5139E4283249518F7743D7043775B3
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 0803FBA9FE829D61AE26EC0BCC910C46
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys D40855F89B69305140BBD7E9A3BA2DA6
C:\Windows\System32\DRIVERS\usbhub.sys EDF2DF71C4F1E13A6AC75F5224DE655A
C:\Windows\System32\DRIVERS\usbohci.sys 9828C8D14CC2676421778F0DE638CF97
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys 800AABFD625EEFF899F7E5496BDE37AB
C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 13:27 - 2015-06-15 13:27 - 00031300 _____ C:\Users\boki\Downloads\Shortcut.txt
2015-06-15 13:05 - 2015-06-15 13:20 - 00306600 _____ ( ) C:\Users\boki\Downloads\SmartDeblur-2.3_win_HOME (1).exe
2015-06-15 13:05 - 2015-06-15 13:10 - 21654504 _____ ( ) C:\Users\boki\Downloads\SmartDeblur-2.3_win_HOME.exe
2015-06-15 11:22 - 2015-06-15 12:06 - 00022263 _____ C:\Users\boki\Downloads\Addition.txt
2015-06-15 11:21 - 2015-06-15 13:27 - 00035695 _____ C:\Users\boki\Downloads\FRST.txt
2015-06-15 11:21 - 2015-06-15 13:27 - 00000000 ____D C:\FRST
2015-06-15 11:20 - 2015-06-15 11:21 - 01148416 _____ (Farbar) C:\Users\boki\Downloads\FRST.exe
2015-06-14 17:17 - 2015-06-14 17:18 - 00448512 _____ (OldTimer Tools) C:\Users\boki\Downloads\TFC.exe
2015-06-14 15:02 - 2015-06-14 15:03 - 01536858 _____ C:\Users\boki\Downloads\spacesniffer_1_1_4_0.zip
2015-06-10 03:38 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 03:38 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 03:38 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 03:38 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 03:38 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 03:38 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 03:38 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 03:38 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 03:38 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 03:38 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 03:38 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 03:38 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 03:38 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 03:38 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 03:38 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 03:38 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 03:38 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 03:38 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 03:38 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 03:38 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 03:38 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 03:38 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 03:38 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 03:38 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 03:38 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 03:38 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 03:38 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 03:38 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 03:38 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 03:38 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 03:25 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 03:25 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 03:24 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 03:24 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 03:24 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 03:24 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 03:24 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 03:24 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 03:24 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 03:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 03:24 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 03:24 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 03:24 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-04 10:19 - 2015-06-04 10:19 - 00001179 _____ C:\Users\boki\Downloads\spec_381621011006_2015-05-65311.zip
2015-05-28 12:08 - 2015-06-15 12:04 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-05-19 14:45 - 2015-05-19 14:45 - 00001584 _____ C:\Users\boki\Documents\PDVD_MediaDisc.PlayList
2015-05-13 23:20 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 09:24 - 2015-05-13 09:24 - 00001093 _____ C:\Users\Public\Desktop\Opera.lnk
2015-05-13 09:24 - 2015-05-13 09:24 - 00001093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-05-13 07:20 - 2015-05-13 07:20 - 00002003 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-05-13 07:19 - 2015-04-22 21:56 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-13 06:29 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:29 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:29 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:29 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:29 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:29 - 2015-04-04 05:10 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 06:29 - 2015-04-04 05:10 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 06:29 - 2015-04-04 05:05 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 06:29 - 2015-04-04 05:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 06:29 - 2015-04-04 05:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 06:29 - 2015-04-04 05:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 06:29 - 2015-04-04 05:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 06:29 - 2015-04-04 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 06:29 - 2015-04-04 04:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 06:24 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:24 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 06:24 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 00:00 - 2015-05-12 00:00 - 00000464 __RSH C:\ProgramData\ntuser.pol
2015-05-05 08:02 - 2015-03-05 06:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-02 20:41 - 2015-04-27 21:39 - 00326288 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-05-02 20:40 - 2015-05-02 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-05-02 20:23 - 2015-05-07 14:49 - 00000000 ____D C:\Users\boki\AppData\Roaming\How Inc
2015-04-22 21:56 - 2015-04-22 21:56 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-17 16:53 - 2015-04-17 16:53 - 00000000 ____D C:\Users\boki\Documents\CyberLink
2015-04-17 16:53 - 2015-04-17 16:53 - 00000000 ____D C:\Users\boki\AppData\Roaming\CyberLink
2015-04-17 11:54 - 2015-04-17 11:54 - 00000197 _____ C:\Windows\system32\2015-04-17-09-54-43.023-AvastVBoxSVC.exe-2336.log
2015-04-17 11:22 - 2015-04-17 11:22 - 00000197 _____ C:\Windows\system32\2015-04-17-09-22-16.033-AvastVBoxSVC.exe-3708.log
2015-04-15 09:31 - 2015-04-15 09:31 - 00000197 _____ C:\Windows\system32\2015-04-15-07-31-21.024-AvastVBoxSVC.exe-3724.log
2015-04-13 21:27 - 2015-04-13 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcend Recovery
2015-04-13 21:27 - 2015-04-13 21:27 - 00000000 ____D C:\Program Files\Transcend
2015-04-12 12:54 - 2015-04-12 13:25 - 00000000 ____D C:\Program Files\TeamViewer
2015-04-12 12:54 - 2015-04-12 12:54 - 00000989 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-12 08:59 - 2013-05-15 10:34 - 00010368 _____ (SMI) C:\Windows\system32\Drivers\smidriver.sys
2015-04-09 12:28 - 2015-04-09 12:28 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-09 12:28 - 2015-04-09 12:28 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-09 12:27 - 2015-05-31 18:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-04-08 09:25 - 2015-04-08 09:25 - 00000197 _____ C:\Windows\system32\2015-04-08-07-25-14.090-AvastVBoxSVC.exe-3492.log
2015-04-06 09:45 - 2015-04-06 09:46 - 00000197 _____ C:\Windows\system32\2015-04-06-07-45-57.039-AvastVBoxSVC.exe-3848.log
2015-04-05 09:26 - 2015-04-05 09:26 - 00000000 ____D C:\Users\boki\Tracing
2015-04-04 11:58 - 2015-04-04 14:42 - 00000000 ____D C:\Users\boki\AppData\Local\MEGAsync
2015-04-04 11:58 - 2015-04-04 11:58 - 00000000 ____D C:\Users\boki\AppData\Local\Mega Limited
2015-04-02 14:20 - 2015-04-02 14:20 - 00000247 _____ C:\Windows\system32\2015-04-02-12-20-28.076-aswFe.exe-4012.log
2015-04-02 14:15 - 2015-04-02 14:20 - 00000247 _____ C:\Windows\system32\2015-04-02-12-15-55.068-aswFe.exe-3572.log
2015-04-02 14:15 - 2015-04-02 14:15 - 00000197 _____ C:\Windows\system32\2015-04-02-12-15-52.073-AvastVBoxSVC.exe-3308.log
2015-03-31 11:02 - 2015-03-31 11:02 - 00000247 _____ C:\Windows\system32\2015-03-31-09-02-20.068-aswFe.exe-2712.log
2015-03-31 10:56 - 2015-03-31 10:56 - 00000197 _____ C:\Windows\system32\2015-03-31-08-56-43.019-AvastVBoxSVC.exe-1472.log
2015-03-30 08:01 - 2015-03-30 08:01 - 00000197 _____ C:\Windows\system32\2015-03-30-06-01-47.001-AvastVBoxSVC.exe-2936.log
2015-03-28 15:57 - 2015-03-28 15:57 - 00000197 _____ C:\Windows\system32\2015-03-28-13-57-48.083-AvastVBoxSVC.exe-2748.log
2015-03-28 10:13 - 2015-03-28 10:14 - 00000197 _____ C:\Windows\system32\2015-03-28-08-13-47.004-AvastVBoxSVC.exe-2764.log
2015-03-25 09:06 - 2015-03-25 09:06 - 00000197 _____ C:\Windows\system32\2015-03-25-07-06-46.074-AvastVBoxSVC.exe-1972.log

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-15 13:28 - 2015-02-04 19:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-15 13:26 - 2015-02-04 19:00 - 00000000 ____D C:\Users\boki\AppData\Roaming\Skype
2015-06-15 12:29 - 2015-02-05 18:39 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-15 12:26 - 2015-02-07 21:28 - 00000000 ____D C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-06-15 11:21 - 2015-02-07 21:28 - 00000000 ____D C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
2015-06-15 08:57 - 2009-07-14 06:34 - 00012624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-15 08:57 - 2009-07-14 06:34 - 00012624 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-15 08:18 - 2015-02-05 03:42 - 01127745 _____ C:\Windows\WindowsUpdate.log
2015-06-15 08:13 - 2015-02-05 19:09 - 00020406 _____ C:\Windows\setupact.log
2015-06-15 08:13 - 2015-02-05 18:39 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 08:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-13 17:13 - 2015-02-04 18:50 - 00730320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-12 08:33 - 2015-02-05 11:59 - 00000069 _____ C:\Windows\NeroDigital.ini
2015-06-11 08:40 - 2009-07-14 06:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-11 04:15 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-06-11 03:43 - 2015-02-21 16:59 - 00000000 ____D C:\Program Files\Opera
2015-06-11 03:29 - 2009-07-14 06:33 - 00406024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-11 03:10 - 2015-02-04 18:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-11 03:09 - 2015-02-05 12:55 - 00000000 ____D C:\Windows\system32\MRT
2015-06-11 03:01 - 2015-02-05 12:55 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 12:32 - 2015-02-04 19:13 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-06-10 12:32 - 2015-02-04 19:13 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-27 20:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-05-27 10:52 - 2015-02-05 11:10 - 00000000 ___RD C:\Program Files\Skype
2015-05-24 15:18 - 2015-02-04 20:16 - 00000000 ____D C:\Users\boki\AppData\Roaming\vlc
2015-05-22 17:38 - 2015-02-05 19:09 - 00212060 _____ C:\Windows\PFRO.log

==================== Files in the root of some directories =======

2015-02-04 20:12 - 2015-02-04 20:12 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-06 16:58 - 2015-02-06 16:58 - 0004886 _____ () C:\ProgramData\mtbjfghn.xbe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {a1fdda6a-acd7-11e4-9b70-ed18394bd069}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {a1fdda6c-acd7-11e4-9b70-ed18394bd069}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a1fdda6a-acd7-11e4-9b70-ed18394bd069}
nx OptIn

Windows Boot Loader
-------------------
identifier {a1fdda6c-acd7-11e4-9b70-ed18394bd069}
device ramdisk=[C:]\Recovery\a1fdda6c-acd7-11e4-9b70-ed18394bd069\Winre.wim,{a1fdda6d-acd7-11e4-9b70-ed18394bd069}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\a1fdda6c-acd7-11e4-9b70-ed18394bd069\Winre.wim,{a1fdda6d-acd7-11e4-9b70-ed18394bd069}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {a1fdda6a-acd7-11e4-9b70-ed18394bd069}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {a1fdda6d-acd7-11e4-9b70-ed18394bd069}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\a1fdda6c-acd7-11e4-9b70-ed18394bd069\boot.sdi



LastRegBack: 2015-06-13 00:26

==================== End of log ============================

Addendum: 15 Jun 2015 13:31

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-06-2015
Ran by boki at 2015-06-15 13:28:12
Running from C:\Users\boki\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1153890037-1905589206-642550731-500 - Administrator - Disabled)
boki (S-1-5-21-1153890037-1905589206-642550731-1000 - Administrator - Enabled) => C:\Users\boki
Guest (S-1-5-21-1153890037-1905589206-642550731-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
7-Zip 9.30 (HKLM\...\{23170F69-40C1-2701-0930-000001000000}) (Version: 9.30.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
Codec Pack - All In 1 6.0.3.0 (HKLM\...\Cool's_Codec_pack_4.12) (Version: - )
File Association Helper (HKLM\...\{8975E3CB-A762-4B14-BD62-A3972A098E82}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Nero 8 Micro 8.3.6.0 (HKLM\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
Opera Stable 30.0.1835.59 (HKLM\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Positive Finds (HKLM\...\Positive Finds) (Version: 2.0.5516.13572 - Positive Finds) <==== ATTENTION!
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30118 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: - )
Transcend Recovery V1.17 (HKLM\...\Transcend Recovery_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-1153890037-1905589206-642550731-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666 - Nullsoft, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1153890037-1905589206-642550731-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\boki\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1153890037-1905589206-642550731-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\boki\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

==================== Restore Points =========================

15-06-2015 10:00:06 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04417E31-2FB1-4155-BE19-CBE8A5402151} - System32\Tasks\{BD9BAA97-F8DD-43E2-BE7D-FA66E6702A35} => pcalua.exe -a C:\Users\boki\Downloads\OnLineRecovery_JF200_220_v1.17\OnLineRecovery_JF200_220_v1.17.exe -d C:\Users\boki\Downloads\OnLineRecovery_JF200_220_v1.17
Task: {0829B012-6A77-4DE1-9EC1-34109530722E} - System32\Tasks\{C71BCBEE-0195-47C7-ADAC-02A4B46A1C45} => pcalua.exe -a C:\Users\boki\Downloads\OnLineRecovery_v1.0.0.36\OnLineRecovery_v1.0.0.36.exe -d C:\Users\boki\Downloads\OnLineRecovery_v1.0.0.36
Task: {0A7B89A9-6009-4DD0-9972-BA82914F80D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {139C2802-8B2B-4001-8CB3-E96E4BF29BA8} - System32\Tasks\{21D1B269-6300-45F0-B178-B7D8CBFEEABC} => pcalua.exe -a C:\Users\boki\Downloads\OnLineRecovery_V15_v8.0.0.10\OnLineRecovery_V15_v8.0.0.10.exe -d C:\Users\boki\Downloads\OnLineRecovery_V15_v8.0.0.10
Task: {2911F28A-8268-444D-A05D-E03617261298} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-22] (Avast Software s.r.o.)
Task: {3E8110C9-62DF-4159-B182-6F44DDD5CEBC} - System32\Tasks\HP Deskjet 1000 J110 series.exe_{970C2947-5549-4396-8F03-3F2C44ABBC56} => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {4A7F56C4-1ACE-45B9-8C80-2154E10658C7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {9D52CE42-5941-4ACF-9B85-D1E397E9AD40} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {B4063D3C-15BB-42EF-B0B9-837169B28C11} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {C3D0ACB3-B2BD-4C6E-95CF-B849B09712B2} - System32\Tasks\Opera scheduled Autoupdate 1431501839 => C:\Program Files\Opera\launcher.exe [2015-06-10] (Opera Software)
Task: {FBAE1692-0A23-4869-A6C1-C3DF1CB7D440} - System32\Tasks\{05330BAF-C2E9-4B87-A476-D07A855CE2D3} => pcalua.exe -a C:\Users\boki\AppData\Local\Temp\Temp2_OnLineRecovery_v1.0.0.36.zip\OnLineRecovery_v1.0.0.36.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-22 21:56 - 2015-04-22 21:56 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-22 21:56 - 2015-04-22 21:56 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-14 21:42 - 2015-06-14 21:42 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061401\algo.dll
2015-06-15 10:46 - 2015-06-15 10:46 - 02954752 _____ () C:\Program Files\AVAST Software\Avast\defs\15061500\algo.dll
2015-04-22 21:56 - 2015-04-22 21:56 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-11 03:43 - 2015-06-10 11:45 - 01649272 _____ () C:\Program Files\Opera\30.0.1835.59\libglesv2.dll
2015-06-11 03:43 - 2015-06-10 11:45 - 00081016 _____ () C:\Program Files\Opera\30.0.1835.59\libegl.dll
2015-02-07 14:33 - 2015-06-15 11:21 - 00568080 _____ () C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
2015-02-07 14:33 - 2015-06-15 12:26 - 00653584 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
2015-06-15 10:26 - 2015-06-15 10:26 - 00608528 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\plugin.exe
2015-06-15 08:15 - 2015-06-15 08:15 - 01169680 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\2\plugin.exe
2015-06-15 08:15 - 2015-06-15 08:15 - 00776976 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\plugin.exe
2015-06-15 12:26 - 2015-06-15 12:26 - 00730384 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\plugin.exe
2015-06-15 08:15 - 2015-06-15 08:15 - 00550160 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\6\plugin.exe
2015-06-10 12:32 - 2015-06-10 12:32 - 16867504 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1153890037-1905589206-642550731-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\boki\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8504497A-C435-4711-88F0-09859FD6A182}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{7F1F7ABD-9450-4F18-9297-CE516FA25686}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0752CCC4-A0BB-4B0C-9017-50E072F9EB87}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe
FirewallRules: [{5494EC46-665B-4CFC-96D7-76CBB567E78A}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [{F743D0E5-A022-4401-856C-CF2C0582EF46}] => (Allow) C:\Program Files\Winamp\winamp.exe
FirewallRules: [TCP Query User{3212C388-73BD-4B02-9F3B-83A9F760EF5D}C:\program files\opera\27.0.1689.69\opera.exe] => (Block) C:\program files\opera\27.0.1689.69\opera.exe
FirewallRules: [UDP Query User{BCC599EE-2210-4FC8-A3E5-705361CBDF47}C:\program files\opera\27.0.1689.69\opera.exe] => (Block) C:\program files\opera\27.0.1689.69\opera.exe
FirewallRules: [TCP Query User{F27BAB6C-9F62-4F5E-96E1-AED07DA0F276}C:\program files\opera\28.0.1750.48\opera.exe] => (Block) C:\program files\opera\28.0.1750.48\opera.exe
FirewallRules: [UDP Query User{06FCE4F3-5ED6-4CC7-A77E-B023892245F3}C:\program files\opera\28.0.1750.48\opera.exe] => (Block) C:\program files\opera\28.0.1750.48\opera.exe
FirewallRules: [{5E1425E4-8CFA-4B3F-9FA8-87B9B81ABCF8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{59E3B5D8-14F6-4536-8241-C2247C9AC62D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{874B8DD4-AC60-4175-8748-E2F313D7257D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{ECAF40C3-D959-46FC-841A-579199391AA6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{517D46EF-B6F9-4632-A97F-F6E96D6FFDFC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2015 09:53:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/14/2015 00:30:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/13/2015 00:30:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2015 00:30:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/11/2015 03:58:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/11/2015 03:10:11 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.

Context: Application, SystemIndex Catalog

Error: (06/10/2015 00:30:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2015 00:30:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/08/2015 05:26:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/08/2015 04:00:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.7601.18741, time stamp: 0x54d0347b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x880
Faulting application start time: 0xwmplayer.exe0
Faulting application path: wmplayer.exe1
Faulting module path: wmplayer.exe2
Report Id: wmplayer.exe3


System errors:
=============
Error: (06/14/2015 09:51:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Error: (06/14/2015 09:46:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:43:14 PM on ‎6/‎14/‎2015 was unexpected.

Error: (06/14/2015 09:41:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:52:00 PM on ‎6/‎14/‎2015 was unexpected.

Error: (06/14/2015 05:18:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

Error: (06/13/2015 04:02:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:59:52 PM on ‎6/‎13/‎2015 was unexpected.

Error: (06/13/2015 03:48:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:46:14 PM on ‎6/‎13/‎2015 was unexpected.

Error: (06/13/2015 00:43:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:42:17 PM on ‎6/‎13/‎2015 was unexpected.

Error: (06/13/2015 00:06:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:05:42 PM on ‎6/‎13/‎2015 was unexpected.

Error: (06/13/2015 00:03:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:01:37 PM on ‎6/‎13/‎2015 was unexpected.

Error: (06/13/2015 00:01:21 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of memory in use: 63%
Total physical RAM: 1791.3 MB
Available physical RAM: 656.38 MB
Total Pagefile: 3582.61 MB
Available Pagefile: 1722.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:57.57 GB) (Free:34.32 GB) NTFS
Drive d: (storage) (Fixed) (Total:175.22 GB) (Free:55.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1FDD1FDC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=57.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=175.2 GB) - (Type=05)

==================== End of log ============================

Addendum: 15 Jun 2015 13:32

Users shortcut scan result (x86) Version: 13-06-2015
Ran by boki at 2015-06-15 13:29:03
Running from C:\Users\boki\Downloads
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk -> C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Uninstall Winamp.lnk -> C:\Program Files\Winamp\UninstWA.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\What's New.lnk -> C:\Program Files\Winamp\whatsnew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk -> C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcend Recovery\Recovery.lnk -> C:\Program Files\Transcend\Recovery Tool\Recovery.exe (Transcenel Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcend Recovery\Uninstall Transcend Recovery JF200 Tool.lnk -> C:\Program Files\Transcend\Recovery Tool\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk -> C:\Program Files\Google\Picasa3\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Burning ROM.lnk -> C:\Program Files\Nero\Nero Burning ROM\nero.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Help.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HelpViewer\hpqlpvwr.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Printer Setup & Software.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetupLauncher.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Product Support Website.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\ProductSupportShortcut.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Shop for Supplies.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\On-Line Registration.lnk -> C:\Program Files\CyberLink\PowerDVD\OLREG.URL ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\PowerDVD Help.lnk -> C:\Program Files\CyberLink\PowerDVD\PowerDVD.CHM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\PowerDVD.lnk -> C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\System Diagnostic.lnk -> C:\Program Files\CyberLink\PowerDVD\cldma.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec Pack\Nastaveni AC3.lnk -> C:\Windows\System32\ac3filter.cpl ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec Pack\Nastaveni DivX.lnk -> C:\Program Files\Codec Pack - All In 1\DivXconfig.exe (DivXNetworks Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (Avast Software s.r.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\boki\Links\Desktop.lnk -> C:\Users\boki\Desktop ()
Shortcut: C:\Users\boki\Links\Downloads.lnk -> C:\Users\boki\Downloads ()
Shortcut: C:\Users\boki\Desktop\KMPlayer.lnk -> C:\Program Files\The KMPlayer\KMPlayer.exe (Pandora.TV)
Shortcut: C:\Users\boki\Desktop\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\boki\Desktop\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk -> C:\Program Files\The KMPlayer\KMPSetup.exe (http://www.kmplayer.com)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk -> C:\Program Files\The KMPlayer\KMPlayer.exe (Pandora.TV)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk -> C:\Program Files\The KMPlayer\uninstall.exe ()
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk -> C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (Avast Software s.r.o.)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Public\Desktop\Picasa 3.lnk -> C:\Program Files\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\PowerDVD.lnk -> C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\TeamViewer 10.lnk -> C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\Winamp.lnk -> C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Safe Mode).lnk -> C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.) -> /SAFE=1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk -> C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Express.lnk -> C:\Program Files\Nero\Nero Burning ROM\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Setup\Nero ControlCenter.lnk -> C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe (Nero AG) -> MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1000 J110 series\Uninstall.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /qb /x {AB4DDFCF-6CCB-4539-920B-74AD7CFB043D}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD\Uninstall PowerDVD.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec Pack\Nastaveni DVobSub.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> DVobSub.ax,DirectVobSub
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec Pack\Nastaveni XviD.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> xvid.ax,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\HP\HP Deskjet 1000 J110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2BF19HBG05YD;CONNECTION=USB;MONITOR=1;
ShortcutWithArgument: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\boki\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\boki\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\boki\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\boki\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk -> C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe (Hewlett-Packard Co.) -> -Start UDCDevicePage
ShortcutWithArgument: C:\Users\Public\Desktop\Nero Express.lnk -> C:\Program Files\Nero\Nero Burning ROM\nero.exe (Nero AG) -> /w


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url -> hxxp://webcompanion.com/faq
InternetURL: C:\Users\boki\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\boki\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\boki\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\boki\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\boki\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\boki\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\boki\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\boki\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\boki\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\boki\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\boki\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\boki\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\boki\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\boki\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\boki\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\boki\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\boki\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\boki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Home Page.url -> hxxp://www.kmplayer.com/forums

==================== End of log =============================

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8448
  • Location: Novi Beograd

I wrote above what you need to do.
