Provera nakon dužeg vremena

Provera nakon dužeg vremena

offline
  • Milan
  • Pridružio: 17 Dec 2007
  • Poruke: 14596
  • Gde živiš: Niš

Nemam problema sa kompom i trebalo bi da je sve u redu, ali hoću da ga proverim jer to nisam odavno uradio. Evo logova:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Milan at 9:56:18 on 2013-09-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2048.813 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=201208_mnt_n_3512_5&babsrc=HP_ss&mntrId=04a84f77000000000000001a4df25b6a
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - c:\program files\microsoft visual studio 11.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast\aswWebRepIE.dll
BHO: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - <orphaned>
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast\aswWebRepIE.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [EPSON P50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\users\milan\appdata\local\temp\E_SDD72.tmp" /EF "HKCU"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DCAB3893B6BBBE4638C15547A398CFE19ECBC767._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
mRun: [avast] "c:\program files\avast\avastUI.exe" /nogui
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFolderOptions = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\office~1\office11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{9DAF76EE-69F8-4AF6-B5CE-04A45AC1FAC5} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\milan\appdata\roaming\mozilla\firefox\profiles\nahd6ha2.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=04a84f77000000000000001a4df25b6a&q=
FF - user.js: extensions.BabylonToolbar.id - 04a84f77000000000000001a4df25b6a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15579
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1215:20:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=201208_mnt_n_3512_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-2 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-2 175176]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-6-4 61464]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-15 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-15 369584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-12-15 242240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 219136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-15 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-15 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2013-5-16 46808]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2013-6-17 196616]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2013-6-17 69640]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-10-11 721048]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-8-28 84992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-8-6 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-8-6 10200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-22 14848]
S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr61.sys [2010-4-7 376160]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-22 49664]
.
=============== Created Last 30 ================
.
2013-09-03 07:43:09 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f161bbca-bbf2-405c-bef1-ee1d562157f7}\mpengine.dll
2013-08-28 17:29:19 -------- d-----w- c:\users\milan\appdata\local\ATI
2013-08-28 17:28:22 0 ----a-w- c:\windows\ativpsrm.bin
2013-08-28 17:24:58 -------- d-----w- c:\programdata\AMD
2013-08-28 17:24:56 -------- d-----w- c:\program files\AMD AVT
2013-08-28 17:24:51 -------- d-----w- c:\program files\AMD APP
2013-08-28 17:24:43 -------- d-----w- c:\program files\common files\ATI Technologies
2013-08-28 17:23:02 84992 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2013-08-28 17:22:39 58880 ----a-w- c:\windows\system32\coinst_9.012.dll
2013-08-28 17:22:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-08-28 17:21:32 -------- d-----w- c:\program files\ATI
2013-08-28 17:19:33 -------- d-----w- c:\program files\ATI Technologies
2013-08-15 12:38:50 -------- d-----w- c:\program files\Fraps
2013-08-14 12:12:49 -------- d-----w- c:\programdata\SP_FT_Logs
2013-08-14 10:04:55 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 10:04:43 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 10:04:42 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 10:04:41 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 10:04:35 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 10:04:35 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 10:04:34 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 10:04:34 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 10:04:24 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 10:04:21 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 10:04:18 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 10:04:14 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-06 01:28:03 2939072 ----a-w- c:\windows\system32\pwNative.exe
2013-08-06 01:28:02 15576 ------w- c:\windows\system32\pwdrvio.sys
2013-08-06 01:27:59 10200 ------w- c:\windows\system32\pwdspio.sys
2013-08-06 01:27:06 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 8.0
.
==================== Find3M ====================
.
2013-08-28 17:04:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-08-07 02:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 12:19:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-08-02 12:19:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-07-28 16:19:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-28 16:19:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-27 13:25:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-27 13:25:33 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-27 13:25:32 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-27 20:51:22 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 20:51:22 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-17 19:41:50 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
2013-06-17 19:41:00 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2013-06-17 19:41:00 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
.
============= FINISH: 9:57:43,17 ===============




https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

Pozdrav,
DDS ne pokazuje tragove malware-a. Imas zaostale kako ih mi zovemo "crapware" unose. Idemo na dodatnu proveru sistema i usput i njih da se resimo.



Preuzmi FRST - (Farbar Recovery Scan Tool) i sacuvaj ga na Desktop

Napomena: Potrebno je preuzeti onu verziju koja je kompatibilna sa tvojim sistemom.


Dvoklikom pokreni FRST, kada se alat startuje, klikni Yes na disclaimer.
Pod "Optional Scan" sekcijom, stikliraj "List BCD" i "Driver MD5" opcije.
Klikni na dugme Scan;
Alat ce kreirati izvestaj (FRST.txt) u isti direktorijum gde je i FRST.exe sacuvan.
Iskopiraj sadrzaj tog loga u poruku.
Alat bi takodje pri prvom pokretanju trebao da kreira i dodatni izvestaj (Addition.txt). Taj izvestaj okaci u poruku koristeci opciju "Prikaci file".

offline
  • Milan
  • Pridružio: 17 Dec 2007
  • Poruke: 14596
  • Gde živiš: Niš

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013
Ran by Milan (administrator) on MILANOV-PC on 03-09-2013 10:27:41
Running from C:\Users\Milan\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
(Nalpeiron Ltd.) C:\Windows\system32\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\system32\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(AVAST Software) C:\Program Files\Avast\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Program Files\BitTorrent\BitTorrent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-21] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\mcshieldrtm.exe [583680 2012-03-12] (MyCity)
HKCU\...\Run: [EPSON P50 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFFE.EXE /FU "C:\Users\Milan\AppData\Local\Temp\E_SDD72.tmp" /EF "HKCU" [x]
HKCU\...\Run: [DCAB3893B6BBBE4638C15547A398CFE19ECBC767._service_run] - C:\Program Files\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)
HKCU\...\Policies\Explorer: [NoFolderOptions] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=201.....1a4df25b6a
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/persons/?clid=143107&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?clid=143107&text={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF user.js: detected! => C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\plugin@videofiledownload.com
FF Extension: Yandex Elements - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
FF Extension: artur.dubovoy - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: No Name - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR HomePage: hxxp://www.google.rs/ig
CHR RestoreOnStartup: "hxxp://www.google.rs/ig"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Screen Capture (by Google)) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0
CHR Extension: (Speed Dial) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0
CHR Extension: (FlashBlock) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (APK Downloader) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\1.5.1_0
CHR Extension: (Unfriend Finder) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc\41.997.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Print Friendly & PDF) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0
CHR Extension: (Gmail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\OApps\chromeaddon.crx
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Milan\AppData\Local\Temp\ccex.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-06-17] (Nitro PDF Software)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-15] (DT Soft Ltd)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-04-08] (Duplex Secure Ltd.)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [24272 2013-02-26] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
S3 cpuz135; \??\C:\Program Files\PC Wizard 2012\pcwiz_x32.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 mbr; \??\C:\Users\Milan\AppData\Local\Temp\mbr.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 8852D7B22CC76CBFE38FE1B539D40285
C:\Windows\System32\DRIVERS\atikmpag.sys E84DAD432A49480D3FBB7AFBD854AC1C
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aswFsBlk.sys 4AF5F360BA1E8794D32B366E45A64A0A
C:\Windows\system32\drivers\aswMonFlt.sys 1F7094D4268D46F718C51286DC189791
C:\Windows\System32\Drivers\aswrdr2.sys FFE9A993B3EC2908FECB1DF2C39148BB
C:\Windows\System32\Drivers\aswRvrt.sys B680134BA1813B78B47FDD1DFF223CA5
C:\Windows\System32\Drivers\aswSnx.sys CCD565A8A72AF7D45F9A242013870926
C:\Windows\System32\Drivers\aswSP.sys 937300BC7C4CDF7576BCCE44E19BBB9D
C:\Windows\System32\Drivers\aswTdi.sys 1F71F170D90E42EFDE9633D81D5E12DC
C:\Windows\System32\Drivers\aswVmm.sys 8CFAA2B965773A653F48F1207A9CB9C4
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW73.sys C7C4A32657EA691895DC5A270EB1DE77
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 42F158036BD4C2FF3122BF142E60E6FD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys 687AF6BB383885FF6A64071B189A7F3E
C:\Windows\System32\drivers\dxgkrnl.sys 16498EBC04AE9DD07049A8884B205C05
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legitB
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 185ADA973B5020655CEE342059A86CBB
C:\Windows\system32\drivers\hcmon.sys B6F5AC88A1A1FDD802CB689721D640FE
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHDA.sys 0DBEF9CD5A2CD71240DD5AFCEE56D073
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys 5FE1ABF1AF591A3458C9CF24ED9A4D35
C:\Windows\System32\DRIVERS\L8042Kbd.sys 4BDC18EFCDA6A0CF4A1199E2CF2D0765
C:\Windows\System32\DRIVERS\L8042mou.Sys 8741FABFE5430F8A66DF4F963B9AE508
C:\Windows\System32\DRIVERS\LHidFilt.Sys 006540C9CDC7E72ADD1435CF778EC674
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\LMouFilt.Sys 3C5BA4B2E4D1180BF9810963A494799A
C:\Windows\System32\DRIVERS\LMouKE.Sys 7C03AC38A485BCDF158F49CBDB5EDD83
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PAC7302.SYS 5FAE249A5635A52970652CA8EB216515
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\pwdrvio.sys 846FE8CBB31ECB1E8333FF395BAF5D5F
C:\Windows\system32\pwdspio.sys 3EB52E853F2F74178AC0034CA0719FB1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr61.sys E70DAB50DC67D4037A612384D649313F
C:\Windows\System32\DRIVERS\Rt86win7.sys 5283B9A27FF230F2FF70D92451FF409A
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys AB5C8F6E63674DBAD9C1E449E8FD77CE
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 4E8B9BE71B807B3BAEDB7F4243F85E3C
C:\Windows\System32\DRIVERS\tcpip.sys 4E8B9BE71B807B3BAEDB7F4243F85E3C
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys 9CE253214ACAA5A7D323327D2055EFAA
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys 8BF5D980CDCE35FB26F05047144BB57E
C:\Windows\System32\drivers\usbaudio.sys 1D9F2BD026E8E2D45033A4DF3F16B78C
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\system32\drivers\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser.sys 31181DE6190B39FC8007DFFD1A48FFD6
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\system32\drivers\usb8023x.sys AF77716205C97E902E6C5B78DECE2CCA
C:\Windows\System32\DRIVERS\VBoxNetAdp.sys B79CB2163BA6EA1250EA5C686EB83B37
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmci.sys 753BD0240B6586ABA0D67A70B3EF44A0
C:\Windows\system32\drivers\VMkbd.sys 7D509B26A43D5A6A6896C8C9AD944147
C:\Windows\System32\DRIVERS\vmnetadapter.sys A267D2321ED281359D301BFEB8202652
C:\Windows\System32\DRIVERS\vmnetbridge.sys 7A4BB278D7860551A716D46349492692
C:\Windows\system32\drivers\vmnetuserif.sys 2CB5FFAFEB1BE2CDC5D13EF64583892B
C:\Windows\system32\Drivers\VMparport.sys 0724BFB49D0C93EBDA25785D46622766
C:\Windows\System32\Drivers\vmusb.sys AFB10AD9AA91D2F70C9F0E6BDA0D119B
C:\Windows\system32\Drivers\vmx86.sys D0DC0467CCFED1720E90D4476CA85E17
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vsock.sys 4B1B677FC0338C85E1C30BD6F1BFD584
C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys B5D64BAE14CC740749562D49404ADA7D
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-03 10:27 - 2013-09-03 10:27 - 00000000 ____D C:\FRST
2013-09-03 10:26 - 2013-09-03 10:26 - 01084685 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2013-09-03 09:57 - 2013-09-03 09:57 - 00016867 _____ C:\Users\Milan\Desktop\dds.txt
2013-09-03 09:57 - 2013-09-03 09:57 - 00013484 _____ C:\Users\Milan\Desktop\attach.txt
2013-09-03 09:55 - 2013-09-03 09:56 - 00688992 ____R (Swearware) C:\Users\Milan\Desktop\dds.scr
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\Users\Milan\AppData\Roaming\ATI
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\Users\Milan\AppData\Local\ATI
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\ProgramData\ATI
2013-08-28 19:28 - 2013-08-28 19:28 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\ProgramData\AMD
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\AMD AVT
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\AMD APP
2013-08-28 19:23 - 2012-11-06 13:11 - 00084992 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW73.sys
2013-08-28 19:22 - 2012-12-19 22:39 - 00327960 _____ C:\Windows\system32\atiapfxx.blb
2013-08-28 19:22 - 2012-12-19 22:22 - 00058880 _____ (AMD) C:\Windows\system32\coinst_9.012.dll
2013-08-28 19:22 - 2012-12-19 21:57 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-08-28 19:22 - 2012-12-19 21:42 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2013-08-28 19:22 - 2012-12-19 21:42 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2013-08-28 19:22 - 2012-11-15 18:34 - 00042719 _____ C:\Windows\atiogl.xml
2013-08-28 19:22 - 2012-09-19 21:09 - 00076660 _____ C:\Windows\system32\ativce02.dat
2013-08-28 19:22 - 2012-09-04 17:20 - 00228528 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2013-08-28 19:22 - 2012-09-04 17:20 - 00228528 _____ C:\Windows\system32\ativvaxy_cik.dat
2013-08-28 19:22 - 2011-09-13 00:06 - 00003917 _____ C:\Windows\system32\atipblag.dat
2013-08-28 19:21 - 2013-08-28 19:21 - 00000000 ____D C:\Program Files\ATI
2013-08-28 19:19 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\ATI Technologies
2013-08-18 13:46 - 2013-08-18 13:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Logitech
2013-08-18 13:45 - 2013-08-18 13:45 - 00002204 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2013-08-18 13:44 - 2013-08-18 13:44 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-08-18 13:43 - 2013-08-18 13:45 - 00000000 ____D C:\Users\Guest
2013-08-18 13:43 - 2013-03-05 01:30 - 00000000 ____D C:\Users\Guest\Documents\Visual Studio 2012
2013-08-18 13:43 - 2012-04-11 20:04 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
2013-08-18 13:43 - 2012-03-23 01:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2013-08-17 14:48 - 2013-08-17 14:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 20:57 - 2013-08-30 14:06 - 00000434 __RSH C:\Users\Milan\ntuser.pol
2013-08-15 14:38 - 2013-08-15 14:42 - 00000000 ____D C:\Program Files\Fraps
2013-08-15 14:38 - 2013-08-15 14:38 - 00000938 _____ C:\Users\Public\Desktop\Fraps.lnk
2013-08-14 14:12 - 2013-08-14 14:15 - 00000000 ____D C:\Users\Milan\Desktop\Compressed
2013-08-14 14:11 - 2013-08-14 14:11 - 13122155 _____ C:\Users\Milan\Desktop\Compressed.zip
2013-08-14 12:34 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 12:34 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 12:34 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 12:34 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 12:34 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 12:34 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 12:34 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 12:34 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 12:04 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 12:04 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 12:04 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 12:04 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 12:04 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 12:04 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 12:04 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 12:04 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 12:04 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 12:04 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 12:04 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 12:04 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 11:39 - 2013-08-07 11:42 - 206569472 _____ C:\Users\Milan\Desktop\android-x86-4.2-20130228.iso
2013-08-06 03:28 - 2013-07-01 10:25 - 02939072 _____ C:\Windows\system32\pwNative.exe
2013-08-06 03:28 - 2013-07-01 10:25 - 00015576 ____N C:\Windows\system32\pwdrvio.sys
2013-08-06 03:27 - 2013-08-06 03:27 - 00001200 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-08-06 03:27 - 2013-08-06 03:27 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.0
2013-08-06 03:27 - 2013-07-01 10:25 - 00010200 ____N C:\Windows\system32\pwdspio.sys

==================== One Month Modified Files and Folders =======

2013-09-03 10:28 - 2013-07-28 18:23 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 10:27 - 2013-09-03 10:27 - 00000000 ____D C:\FRST
2013-09-03 10:27 - 2012-04-01 22:51 - 00000000 ____D C:\Users\Milan\AppData\Roaming\BitTorrent
2013-09-03 10:27 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-03 10:26 - 2013-09-03 10:26 - 01084685 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2013-09-03 10:24 - 2012-03-29 22:50 - 00000000 ____D C:\ProgramData\MCShield
2013-09-03 10:24 - 2012-03-20 19:23 - 00790790 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 10:23 - 2013-06-15 01:12 - 00009266 _____ C:\Windows\setupact.log
2013-09-03 10:18 - 2012-12-15 18:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 09:57 - 2013-09-03 09:57 - 00016867 _____ C:\Users\Milan\Desktop\dds.txt
2013-09-03 09:57 - 2013-09-03 09:57 - 00013484 _____ C:\Users\Milan\Desktop\attach.txt
2013-09-03 09:56 - 2013-09-03 09:55 - 00688992 ____R (Swearware) C:\Users\Milan\Desktop\dds.scr
2013-09-03 09:48 - 2012-03-20 19:12 - 01227745 _____ C:\Windows\WindowsUpdate.log
2013-09-02 19:25 - 2013-07-28 18:23 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 00:20 - 2013-06-30 13:57 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Nitro PDF
2013-09-01 00:20 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-30 14:06 - 2013-08-15 20:57 - 00000434 __RSH C:\Users\Milan\ntuser.pol
2013-08-30 14:06 - 2012-03-20 19:12 - 00000000 ____D C:\Users\Milan
2013-08-30 11:35 - 2012-03-23 13:37 - 00000132 _____ C:\Users\Milan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-29 11:07 - 2009-07-14 06:34 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 11:07 - 2009-07-14 06:34 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 11:02 - 2013-03-28 17:19 - 00000000 ____D C:\ProgramData\VMware
2013-08-29 11:02 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 00:57 - 2012-03-21 18:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-29 00:29 - 2013-08-02 14:41 - 00000000 ____D C:\Users\Milan\AppData\Local\CrashDumps
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\Users\Milan\AppData\Roaming\ATI
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\Users\Milan\AppData\Local\ATI
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\ProgramData\ATI
2013-08-28 19:28 - 2013-08-28 19:28 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\ProgramData\AMD
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\AMD AVT
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\AMD APP
2013-08-28 19:24 - 2013-08-28 19:19 - 00000000 ____D C:\Program Files\ATI Technologies
2013-08-28 19:21 - 2013-08-28 19:21 - 00000000 ____D C:\Program Files\ATI
2013-08-28 19:13 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-08-28 19:11 - 2012-12-15 17:59 - 00000000 ____D C:\Program Files\Avast
2013-08-28 19:09 - 2012-03-20 19:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-28 19:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2013-08-28 19:05 - 2013-06-29 15:00 - 00000680 _____ C:\Windows\LkmdfCoInst.log
2013-08-28 19:04 - 2013-06-29 15:00 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-08-20 16:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\LiveKernelReports
2013-08-19 14:08 - 2012-12-06 19:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 13:46 - 2013-08-18 13:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Logitech
2013-08-18 13:45 - 2013-08-18 13:45 - 00002204 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2013-08-18 13:45 - 2013-08-18 13:43 - 00000000 ____D C:\Users\Guest
2013-08-18 13:44 - 2013-08-18 13:44 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-08-17 14:48 - 2013-08-17 14:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 14:42 - 2013-08-15 14:38 - 00000000 ____D C:\Program Files\Fraps
2013-08-15 14:38 - 2013-08-15 14:38 - 00000938 _____ C:\Users\Public\Desktop\Fraps.lnk
2013-08-14 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 15:37 - 2013-07-03 23:29 - 00000000 ____D C:\Windows\rescache
2013-08-14 14:15 - 2013-08-14 14:12 - 00000000 ____D C:\Users\Milan\Desktop\Compressed
2013-08-14 14:12 - 2012-03-20 19:12 - 00000000 ____D C:\Users\Milan\AppData\Local\VirtualStore
2013-08-14 14:11 - 2013-08-14 14:11 - 13122155 _____ C:\Users\Milan\Desktop\Compressed.zip
2013-08-14 12:44 - 2013-08-02 11:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 12:41 - 2012-03-20 20:13 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-07 11:42 - 2013-08-07 11:39 - 206569472 _____ C:\Users\Milan\Desktop\android-x86-4.2-20130228.iso
2013-08-07 04:22 - 2012-03-20 19:34 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-06 03:27 - 2013-08-06 03:27 - 00001200 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-08-06 03:27 - 2013-08-06 03:27 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.0
2013-08-05 23:22 - 2013-03-28 17:21 - 00000000 ____D C:\Users\Milan\AppData\Local\VMware
2013-08-05 22:01 - 2013-03-28 17:21 - 00000000 ____D C:\Users\Milan\AppData\Roaming\VMware

Files to move or delete:
====================
C:\Users\Milan\AppData\Local\Temp\DSETUP.dll
C:\Users\Milan\AppData\Local\Temp\dsetup32.dll
C:\Users\Milan\AppData\Local\Temp\DXSETUP.exe
C:\Users\Milan\AppData\Local\Temp\KMP_3.6.0.87.exe
C:\Users\Milan\AppData\Local\Temp\nvStInst.exe
C:\Users\Milan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Milan\AppData\Local\Temp\SRLDetectionLibrary535517587454138512.dll
C:\Users\Milan\AppData\Local\Temp\Uninstall.exe
C:\Users\Milan\AppData\Local\Temp\Setup0000082c\OSETUP.DLL
C:\Users\Milan\AppData\Local\Temp\Setup0000082c\OSETUPUI.DLL

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
default {current}
resumeobject {9e4c3447-7382-11e1-b3e6-806e6f6e6963}
displayorder {current}
{f11feef3-73cc-11e1-b703-b5f77490ed58}
timeout 15
displaybootmenu Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Ultimate
locale en-US
recoverysequence {f11feef1-73cc-11e1-b703-b5f77490ed58}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {9e4c3447-7382-11e1-b3e6-806e6f6e6963}

Windows Boot Loader
-------------------
identifier {f11feef1-73cc-11e1-b703-b5f77490ed58}
device ramdisk=[C:]\Recovery\2dca213e-72fa-11e1-adfd-f2c57a5ea234\Winre.wim,{f11feef2-73cc-11e1-b703-b5f77490ed58}
path \windows\system32\winload.exe
description Windows Recovery Environment (recovered)
locale
osdevice ramdisk=[C:]\Recovery\2dca213e-72fa-11e1-adfd-f2c57a5ea234\Winre.wim,{f11feef2-73cc-11e1-b703-b5f77490ed58}
systemroot \windows
winpe Yes

Resume from Hibernate
---------------------
identifier {9e4c3447-7382-11e1-b3e6-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows 7 Ultimate (recovered)
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US

Real-mode Boot Sector
---------------------
identifier {f11feef3-73cc-11e1-b703-b5f77490ed58}
device partition=C:
path \NST\AutoNeoGrub0.mbr
description Xubuntu

Device options
--------------
identifier {f11feef2-73cc-11e1-b703-b5f77490ed58}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\2dca213e-72fa-11e1-adfd-f2c57a5ea234\boot.sdi



LastRegBack: 2013-09-01 14:25

==================== End Of Log ============================




https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

Pre nego sto nastavimo moras mi reci da li ti je poznata ova internet stranica kao i njegova vezana extenzija za Firefox?
http://moikrug.ru/
Firefox
Citat:Yandex Elements

Pitam zbog ovoga:
http://www.pcrisk.com/removal-guides/6990-remove-yandex-toolbar
Citat:Related to Yandex toolbar is a browser extension developed by a reputable Russian search engine. A great many computer users report that Yandex toolbar was installed on their computers without their consent and they experience unwanted redirects to yandex.com

offline
  • Milan
  • Pridružio: 17 Dec 2007
  • Poruke: 14596
  • Gde živiš: Niš

Stranica mi nije poznata, ali mi logo deluje poznato. Moguće je da sam nekada kroz pretragu naleteo na tu stranicu, ali ne preko Firefox-a već preko Chrome-a jer Firefox koristim samo za mail sa faksa. Što se tiče ekstenzija i toolbara, obraćam pažnju da ih izbegavam pri svakoj instalaciji. Svakako, taj yandex mi nije poznat.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

Ok-et. Smile

Otvori Notepad i iskopiraj sledeći tekst koji se nalazi unutar osenčenog prostora.

START
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=201.....1a4df25b6a
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/persons/?clid=143107&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?clid=143107&text={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF Extension: Yandex Elements - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
C:\Users\Milan\AppData\Local\Temp\*.*
CMD: ipconfig /flushdns
END


U okviru Notepad-a klikni na File --> Save As
Fajl nazovi Fixlist i sačuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe, klikni na dugme Fix i sačekaj dok program ne završi.
Ukoliko program zatraži restart računara, omogući mu da to nesmetano obavi.
Nakon završetka rada, otvoriće se Notepad, sa sadržajem koji treba da kopiraš u temu.
Takođe, na Desktop-u će se nalaziti (fixlog.txt).

Potrebno je da fixlog.txt kopiras na forum


------ potom ------


Idemo na proveru na visem nivou, AntiRootkit provera:


Preuzmi aswMBR sa ovog ili ovog linka i sacuvaj ga na Desktop.

Dvoklikom pokreni aswMBR.

Ukoliko dobijes sledecu poruku:
Would you like to download latest Avast! virus definitions?
Klikni na dugme Yes i pricekaj da se proces preuzimanja definicija zavrsi.


Proveri da je pod AV Scan: izabrana opcija QuickScan

Klikni na Scan.

Kada zavrsi skeniranje ( Scan finished successfully ) klikni Save log.
Sacuvaj aswMBR log na Desktop.
Sadrzaj tog loga iskopiraj u temi.

offline
  • Milan
  • Pridružio: 17 Dec 2007
  • Poruke: 14596
  • Gde živiš: Niš

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-09-2013
Ran by Milan at 2013-09-03 11:30:52 Run:1
Running from C:\Users\Milan\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
START
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=201.....1a4df25b6a
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/persons/?clid=143107&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?clid=143107&text={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF Extension: Yandex Elements - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
C:\Users\Milan\AppData\Local\Temp\*.*
CMD: ipconfig /flushdns
END
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully.
HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Moikrug => Key deleted successfully.
HKCR\Wow6432Node\CLSID\Moikrug => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru => Moved successfully.
"C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru " => File/Directory not found.

"C:\Users\Milan\AppData\Local\Temp\*.* " directory move:

Could not move "C:\Users\Milan\AppData\Local\Temp\*.* " directory. => Scheduled to move on reboot.


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== Result of Scheduled Files to move ===========

"C:\Users\Milan\AppData\Local\Temp\*.* " => Directory could not move.

==== End of Fixlog ====


====================================================


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-03 11:37:13
-----------------------------
11:37:13.906 OS Version: Windows 6.1.7601 Service Pack 1
11:37:13.906 Number of processors: 2 586 0xF0D
11:37:13.909 ComputerName: MILANOV-PC UserName: Milan
11:37:17.650 Initialize success
11:37:17.910 AVAST engine defs: 13090200
11:37:54.287 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:37:54.290 Disk 0 Vendor: WDC_WD5000AAKX-003CA0 15.01H15 Size: 476938MB BusType: 3
11:37:54.295 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
11:37:54.299 Disk 1 Vendor: WDC_WD2500AAKS-00YGA0 12.01C02 Size: 238474MB BusType: 3
11:37:54.309 Disk 0 MBR read successfully
11:37:54.313 Disk 0 MBR scan
11:37:54.320 Disk 0 Windows 7 default MBR code
11:37:54.324 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 67238 MB offset 2048
11:37:54.346 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 204850 MB offset 137705472
11:37:54.371 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 204847 MB offset 557238272
11:37:54.381 Disk 0 scanning sectors +976764928
11:37:54.457 Disk 0 scanning C:\Windows\system32\drivers
11:38:06.733 Service scanning
11:38:30.549 Modules scanning
11:38:45.210 Disk 0 trace - called modules:
11:38:45.232 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8526a1e8]<<
11:38:45.241 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8605a7f0]
11:38:45.248 3 CLASSPNP.SYS[897a759e] -> nt!IofCallDriver -> [0x85232c30]
11:38:45.255 5 ACPI.sys[88f943d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x852cb610]
11:38:45.262 \Driver\atapi[0x85232b48] -> IRP_MJ_CREATE -> 0x8526a1e8
11:38:45.838 AVAST engine scan C:\Windows
11:38:47.597 AVAST engine scan C:\Windows\system32
11:42:37.740 AVAST engine scan C:\Windows\system32\drivers
11:42:54.525 AVAST engine scan C:\Users\Milan
11:57:49.873 AVAST engine scan C:\ProgramData
12:03:17.909 Scan finished successfully
12:04:44.437 Disk 0 MBR has been saved successfully to "C:\Users\Milan\Desktop\MBR.dat"
12:04:44.447 The log file has been saved successfully to "C:\Users\Milan\Desktop\aswMBR.txt"

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6101

To bi bilo to. Nema ovde nicega, nema malware-a. Isprati i ove korake, doprinece radu racunara.

Arrow Uklanjamo eventualne ostatke:
Preuzmi "Xplode"-ov AdwCleaner () i sacuvaj ga na Desktop

Dvoklikom pokreni program.
Klikni na dugme [Scan] i pricekaj da program zavrsi.
Klikni na dugme [Clean]
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok


Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.

Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S1].txt

Nije mi potreban njegov log.

------ potom ------

Arrow Brisemo Temp i Junk :
Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop.
Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje.
Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu.

Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu.

------ potom ------

Arrow Uklanjamo alate:
Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings


Klikni na dugme "Run" i pričekaj da program završi rad.
Kada alat završi, otvoriće izvestaj u notepadu.

Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

Nije mi potreban njegov log.






To je to. Wink

offline
  • Milan
  • Pridružio: 17 Dec 2007
  • Poruke: 14596
  • Gde živiš: Niš

Odradio. Živ bio! Very Happy Ziveli

Ko je trenutno na forumu
 

Ukupno su 783 korisnika na forumu :: 33 registrovanih, 6 sakrivenih i 744 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., amaterSRB, Andrija357, antosky, Bahuss, Battlehammer, branko7, Cirkon, cole77, deNSki, Doca, Duh sa sekirom, Džordžino, goxin, ILGromovnik, ivan979, Konda, mercedesamg, Mercury, moldway, mustangkg, nuke92, operniki, Pavac, Sr.Stat., Srki94, Srki98, suton, ucenik32, USSVoyager, W123, zillbg, zixmix