Check-up after a long time

  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14692
  • Location: Niš

I don't have any problems with the computer and everything should be fine, but I want to check it because I haven't done that in a long time. Here are the logs:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Milan at 9:56:18 on 2013-09-03
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2048.813 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=201208_mnt_n_3512_5&babsrc=HP_ss&mntrId=04a84f77000000000000001a4df25b6a
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - c:\program files\microsoft visual studio 11.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast\aswWebRepIE.dll
BHO: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - <orphaned>
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast\aswWebRepIE.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [EPSON P50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\users\milan\appdata\local\temp\E_SDD72.tmp" /EF "HKCU"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DCAB3893B6BBBE4638C15547A398CFE19ECBC767._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
mRun: [avast] "c:\program files\avast\avastUI.exe" /nogui
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFolderOptions = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\office~1\office11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{9DAF76EE-69F8-4AF6-B5CE-04A45AC1FAC5} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.62\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\milan\appdata\roaming\mozilla\firefox\profiles\nahd6ha2.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=04a84f77000000000000001a4df25b6a&q=
FF - user.js: extensions.BabylonToolbar.id - 04a84f77000000000000001a4df25b6a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15579
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1215:20:56
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=201208_mnt_n_3512_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-2 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-2 175176]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [2013-6-4 61464]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-15 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-15 369584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-12-15 242240]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 219136]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-15 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-15 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2013-5-16 46808]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2013-6-17 196616]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2013-6-17 69640]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2012-10-11 721048]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-8-28 84992]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-8-6 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-8-6 10200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-22 14848]
S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\drivers\netr61.sys [2010-4-7 376160]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;c:\program files\windows kits\8.0\testing\runtimes\taef\Wex.Services.exe [2012-7-25 94208]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-22 49664]
.
=============== Created Last 30 ================
.
2013-09-03 07:43:09 7166848 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f161bbca-bbf2-405c-bef1-ee1d562157f7}\mpengine.dll
2013-08-28 17:29:19 -------- d-----w- c:\users\milan\appdata\local\ATI
2013-08-28 17:28:22 0 ----a-w- c:\windows\ativpsrm.bin
2013-08-28 17:24:58 -------- d-----w- c:\programdata\AMD
2013-08-28 17:24:56 -------- d-----w- c:\program files\AMD AVT
2013-08-28 17:24:51 -------- d-----w- c:\program files\AMD APP
2013-08-28 17:24:43 -------- d-----w- c:\program files\common files\ATI Technologies
2013-08-28 17:23:02 84992 ----a-w- c:\windows\system32\drivers\AtihdW73.sys
2013-08-28 17:22:39 58880 ----a-w- c:\windows\system32\coinst_9.012.dll
2013-08-28 17:22:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-08-28 17:21:32 -------- d-----w- c:\program files\ATI
2013-08-28 17:19:33 -------- d-----w- c:\program files\ATI Technologies
2013-08-15 12:38:50 -------- d-----w- c:\program files\Fraps
2013-08-14 12:12:49 -------- d-----w- c:\programdata\SP_FT_Logs
2013-08-14 10:04:55 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 10:04:43 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-14 10:04:42 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-14 10:04:41 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-14 10:04:35 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 10:04:35 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 10:04:34 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 10:04:34 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 10:04:24 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 10:04:21 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 10:04:18 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-14 10:04:14 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-06 01:28:03 2939072 ----a-w- c:\windows\system32\pwNative.exe
2013-08-06 01:28:02 15576 ------w- c:\windows\system32\pwdrvio.sys
2013-08-06 01:27:59 10200 ------w- c:\windows\system32\pwdspio.sys
2013-08-06 01:27:06 -------- d-----w- c:\program files\MiniTool Partition Wizard Home Edition 8.0
.
==================== Find3M ====================
.
2013-08-28 17:04:48 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-08-07 02:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 12:19:19 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2013-08-02 12:19:19 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2013-07-28 16:19:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-28 16:19:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-27 13:25:36 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-27 13:25:33 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-27 13:25:32 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-26 03:13:24 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-26 01:59:38 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-27 20:51:22 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-27 20:51:22 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-17 19:41:50 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
2013-06-17 19:41:00 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2013-06-17 19:41:00 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
.
============= FINISH: 9:57:43,17 ===============




  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Hello,
DDS shows no traces of malware. You have leftover entries of what we call "crapware". Let's do an additional check of the system and get rid of them along the way.



Download FRST (Farbar Recovery Scan Tool) and save it to the Desktop.

Note: You need to download the version that is compatible with your system.


Double-click FRST to run it; when the tool starts, click Yes on the disclaimer.
Under the "Optional Scan" section, tick the "List BCD" and "Driver MD5" options.
Click the Scan button.
The tool will create a report (FRST.txt) in the same directory where FRST.exe is saved.
Copy the contents of that log into your post.
On its first run the tool should also create an additional report (Addition.txt). Attach that report to your post using the "Attach file" option.

  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14692
  • Location: Niš

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013
Ran by Milan (administrator) on MILANOV-PC on 03-09-2013 10:27:41
Running from C:\Users\Milan\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Nitro PDF Software) C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
(Nalpeiron Ltd.) C:\Windows\system32\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\system32\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware Player\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(VMware, Inc.) C:\Windows\system32\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(AVAST Software) C:\Program Files\Avast\AvastUI.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Program Files\BitTorrent\BitTorrent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2238704 2013-02-21] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\mcshieldrtm.exe [583680 2012-03-12] (MyCity)
HKCU\...\Run: [EPSON P50 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFFE.EXE /FU "C:\Users\Milan\AppData\Local\Temp\E_SDD72.tmp" /EF "HKCU" [x]
HKCU\...\Run: [DCAB3893B6BBBE4638C15547A398CFE19ECBC767._service_run] - C:\Program Files\Google\Chrome\Application\chrome.exe [829392 2013-08-24] (Google Inc.)
HKCU\...\Policies\Explorer: [NoFolderOptions] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=201.....1a4df25b6a
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/persons/?clid=143107&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?clid=143107&text={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF user.js: detected! => C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\plugin@videofiledownload.com
FF Extension: Yandex Elements - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
FF Extension: artur.dubovoy - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: No Name - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR HomePage: hxxp://www.google.rs/ig
CHR RestoreOnStartup: "hxxp://www.google.rs/ig"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll No File
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (YouTube) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Screen Capture (by Google)) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.6_0
CHR Extension: (Speed Dial) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.3_0
CHR Extension: (FlashBlock) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0
CHR Extension: (Windows Media Player Extension for HTML5) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0
CHR Extension: (APK Downloader) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdpglblnnaocjhfenhockgamhoogihfi\1.5.1_0
CHR Extension: (Unfriend Finder) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijknldiopccnikfclcmmjnponjkicbc\41.997.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Print Friendly & PDF) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj\2.3_0
CHR Extension: (Gmail) - C:\Users\Milan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR HKLM\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files\OApps\chromeaddon.crx
CHR HKLM\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Milan\AppData\Local\Temp\ccex.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 fussvc; C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [133632 2012-07-25] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe [196616 2013-06-17] (Nitro PDF Software)
S3 Te.Service; C:\Program Files\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [94208 2012-07-25] (Microsoft Corporation)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
R2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.)
R2 VMware NAT Service; C:\Windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-15] (DT Soft Ltd)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [457856 2007-06-14] (PixArt Imaging Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [473656 2012-04-08] (Duplex Secure Ltd.)
R3 vmkbd; C:\Windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.)
R3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.)
R2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\Drivers\VMparport.sys [24272 2013-02-26] (VMware, Inc.)
S3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [31280 2012-10-11] (VMware, Inc.)
R2 vmx86; C:\Windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.)
S3 VSPerfDrv110; C:\Program Files\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\VSPerfDrv110.sys [55416 2012-07-13] (Microsoft Corporation)
S3 cpuz135; \??\C:\Program Files\PC Wizard 2012\pcwiz_x32.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 mbr; \??\C:\Users\Milan\AppData\Local\Temp\mbr.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-03 10:27 - 2013-09-03 10:27 - 00000000 ____D C:\FRST
2013-09-03 10:26 - 2013-09-03 10:26 - 01084685 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2013-09-03 09:57 - 2013-09-03 09:57 - 00016867 _____ C:\Users\Milan\Desktop\dds.txt
2013-09-03 09:57 - 2013-09-03 09:57 - 00013484 _____ C:\Users\Milan\Desktop\attach.txt
2013-09-03 09:55 - 2013-09-03 09:56 - 00688992 ____R (Swearware) C:\Users\Milan\Desktop\dds.scr
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\Users\Milan\AppData\Roaming\ATI
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\Users\Milan\AppData\Local\ATI
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\ProgramData\ATI
2013-08-28 19:28 - 2013-08-28 19:28 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\ProgramData\AMD
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\AMD AVT
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\AMD APP
2013-08-28 19:23 - 2012-11-06 13:11 - 00084992 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW73.sys
2013-08-28 19:22 - 2012-12-19 22:39 - 00327960 _____ C:\Windows\system32\atiapfxx.blb
2013-08-28 19:22 - 2012-12-19 22:22 - 00058880 _____ (AMD) C:\Windows\system32\coinst_9.012.dll
2013-08-28 19:22 - 2012-12-19 21:57 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2013-08-28 19:22 - 2012-12-19 21:42 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2013-08-28 19:22 - 2012-12-19 21:42 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2013-08-28 19:22 - 2012-11-15 18:34 - 00042719 _____ C:\Windows\atiogl.xml
2013-08-28 19:22 - 2012-09-19 21:09 - 00076660 _____ C:\Windows\system32\ativce02.dat
2013-08-28 19:22 - 2012-09-04 17:20 - 00228528 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2013-08-28 19:22 - 2012-09-04 17:20 - 00228528 _____ C:\Windows\system32\ativvaxy_cik.dat
2013-08-28 19:22 - 2011-09-13 00:06 - 00003917 _____ C:\Windows\system32\atipblag.dat
2013-08-28 19:21 - 2013-08-28 19:21 - 00000000 ____D C:\Program Files\ATI
2013-08-28 19:19 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\ATI Technologies
2013-08-18 13:46 - 2013-08-18 13:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Logitech
2013-08-18 13:45 - 2013-08-18 13:45 - 00002204 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2013-08-18 13:44 - 2013-08-18 13:44 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-08-18 13:43 - 2013-08-18 13:45 - 00000000 ____D C:\Users\Guest
2013-08-18 13:43 - 2013-03-05 01:30 - 00000000 ____D C:\Users\Guest\Documents\Visual Studio 2012
2013-08-18 13:43 - 2012-04-11 20:04 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
2013-08-18 13:43 - 2012-03-23 01:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2013-08-17 14:48 - 2013-08-17 14:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 20:57 - 2013-08-30 14:06 - 00000434 __RSH C:\Users\Milan\ntuser.pol
2013-08-15 14:38 - 2013-08-15 14:42 - 00000000 ____D C:\Program Files\Fraps
2013-08-15 14:38 - 2013-08-15 14:38 - 00000938 _____ C:\Users\Public\Desktop\Fraps.lnk
2013-08-14 14:12 - 2013-08-14 14:15 - 00000000 ____D C:\Users\Milan\Desktop\Compressed
2013-08-14 14:11 - 2013-08-14 14:11 - 13122155 _____ C:\Users\Milan\Desktop\Compressed.zip
2013-08-14 12:34 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 12:34 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 12:34 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 12:34 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 12:34 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 12:34 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 12:34 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 12:34 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 12:34 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 12:04 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 12:04 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 12:04 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 12:04 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 12:04 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 12:04 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 12:04 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 12:04 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 12:04 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 12:04 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 12:04 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 12:04 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 11:39 - 2013-08-07 11:42 - 206569472 _____ C:\Users\Milan\Desktop\android-x86-4.2-20130228.iso
2013-08-06 03:28 - 2013-07-01 10:25 - 02939072 _____ C:\Windows\system32\pwNative.exe
2013-08-06 03:28 - 2013-07-01 10:25 - 00015576 ____N C:\Windows\system32\pwdrvio.sys
2013-08-06 03:27 - 2013-08-06 03:27 - 00001200 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-08-06 03:27 - 2013-08-06 03:27 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.0
2013-08-06 03:27 - 2013-07-01 10:25 - 00010200 ____N C:\Windows\system32\pwdspio.sys

==================== One Month Modified Files and Folders =======

2013-09-03 10:28 - 2013-07-28 18:23 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-03 10:27 - 2013-09-03 10:27 - 00000000 ____D C:\FRST
2013-09-03 10:27 - 2012-04-01 22:51 - 00000000 ____D C:\Users\Milan\AppData\Roaming\BitTorrent
2013-09-03 10:27 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-09-03 10:26 - 2013-09-03 10:26 - 01084685 _____ (Farbar) C:\Users\Milan\Desktop\FRST.exe
2013-09-03 10:24 - 2012-03-29 22:50 - 00000000 ____D C:\ProgramData\MCShield
2013-09-03 10:24 - 2012-03-20 19:23 - 00790790 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-03 10:23 - 2013-06-15 01:12 - 00009266 _____ C:\Windows\setupact.log
2013-09-03 10:18 - 2012-12-15 18:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-03 09:57 - 2013-09-03 09:57 - 00016867 _____ C:\Users\Milan\Desktop\dds.txt
2013-09-03 09:57 - 2013-09-03 09:57 - 00013484 _____ C:\Users\Milan\Desktop\attach.txt
2013-09-03 09:56 - 2013-09-03 09:55 - 00688992 ____R (Swearware) C:\Users\Milan\Desktop\dds.scr
2013-09-03 09:48 - 2012-03-20 19:12 - 01227745 _____ C:\Windows\WindowsUpdate.log
2013-09-02 19:25 - 2013-07-28 18:23 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-01 00:20 - 2013-06-30 13:57 - 00000000 ____D C:\Users\Milan\AppData\Roaming\Nitro PDF
2013-09-01 00:20 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-30 14:06 - 2013-08-15 20:57 - 00000434 __RSH C:\Users\Milan\ntuser.pol
2013-08-30 14:06 - 2012-03-20 19:12 - 00000000 ____D C:\Users\Milan
2013-08-30 11:35 - 2012-03-23 13:37 - 00000132 _____ C:\Users\Milan\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-08-29 11:07 - 2009-07-14 06:34 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 11:07 - 2009-07-14 06:34 - 00014336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 11:02 - 2013-03-28 17:19 - 00000000 ____D C:\ProgramData\VMware
2013-08-29 11:02 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 00:57 - 2012-03-21 18:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-29 00:29 - 2013-08-02 14:41 - 00000000 ____D C:\Users\Milan\AppData\Local\CrashDumps
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\Users\Milan\AppData\Roaming\ATI
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\Users\Milan\AppData\Local\ATI
2013-08-28 19:29 - 2013-08-28 19:29 - 00000000 ____D C:\ProgramData\ATI
2013-08-28 19:28 - 2013-08-28 19:28 - 00000000 _____ C:\Windows\ativpsrm.bin
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\ProgramData\AMD
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\AMD AVT
2013-08-28 19:24 - 2013-08-28 19:24 - 00000000 ____D C:\Program Files\AMD APP
2013-08-28 19:24 - 2013-08-28 19:19 - 00000000 ____D C:\Program Files\ATI Technologies
2013-08-28 19:21 - 2013-08-28 19:21 - 00000000 ____D C:\Program Files\ATI
2013-08-28 19:13 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-08-28 19:11 - 2012-12-15 17:59 - 00000000 ____D C:\Program Files\Avast
2013-08-28 19:09 - 2012-03-20 19:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-28 19:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help
2013-08-28 19:05 - 2013-06-29 15:00 - 00000680 _____ C:\Windows\LkmdfCoInst.log
2013-08-28 19:04 - 2013-06-29 15:00 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-08-20 16:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\LiveKernelReports
2013-08-19 14:08 - 2012-12-06 19:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 13:46 - 2013-08-18 13:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Logitech
2013-08-18 13:45 - 2013-08-18 13:45 - 00002204 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2013-08-18 13:45 - 2013-08-18 13:43 - 00000000 ____D C:\Users\Guest
2013-08-18 13:44 - 2013-08-18 13:44 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-08-17 14:48 - 2013-08-17 14:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-15 14:42 - 2013-08-15 14:38 - 00000000 ____D C:\Program Files\Fraps
2013-08-15 14:38 - 2013-08-15 14:38 - 00000938 _____ C:\Users\Public\Desktop\Fraps.lnk
2013-08-14 16:53 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 15:37 - 2013-07-03 23:29 - 00000000 ____D C:\Windows\rescache
2013-08-14 14:15 - 2013-08-14 14:12 - 00000000 ____D C:\Users\Milan\Desktop\Compressed
2013-08-14 14:12 - 2012-03-20 19:12 - 00000000 ____D C:\Users\Milan\AppData\Local\VirtualStore
2013-08-14 14:11 - 2013-08-14 14:11 - 13122155 _____ C:\Users\Milan\Desktop\Compressed.zip
2013-08-14 12:44 - 2013-08-02 11:46 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 12:41 - 2012-03-20 20:13 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-07 11:42 - 2013-08-07 11:39 - 206569472 _____ C:\Users\Milan\Desktop\android-x86-4.2-20130228.iso
2013-08-07 04:22 - 2012-03-20 19:34 - 00238872 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-08-06 03:27 - 2013-08-06 03:27 - 00001200 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard Home Edition.lnk
2013-08-06 03:27 - 2013-08-06 03:27 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Home Edition 8.0
2013-08-05 23:22 - 2013-03-28 17:21 - 00000000 ____D C:\Users\Milan\AppData\Local\VMware
2013-08-05 22:01 - 2013-03-28 17:21 - 00000000 ____D C:\Users\Milan\AppData\Roaming\VMware

Files to move or delete:
====================
C:\Users\Milan\AppData\Local\Temp\DSETUP.dll
C:\Users\Milan\AppData\Local\Temp\dsetup32.dll
C:\Users\Milan\AppData\Local\Temp\DXSETUP.exe
C:\Users\Milan\AppData\Local\Temp\KMP_3.6.0.87.exe
C:\Users\Milan\AppData\Local\Temp\nvStInst.exe
C:\Users\Milan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Milan\AppData\Local\Temp\SRLDetectionLibrary535517587454138512.dll
C:\Users\Milan\AppData\Local\Temp\Uninstall.exe
C:\Users\Milan\AppData\Local\Temp\Setup0000082c\OSETUP.DLL
C:\Users\Milan\AppData\Local\Temp\Setup0000082c\OSETUPUI.DLL

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
default {current}
resumeobject {9e4c3447-7382-11e1-b3e6-806e6f6e6963}
displayorder {current}
{f11feef3-73cc-11e1-b703-b5f77490ed58}
timeout 15
displaybootmenu Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Ultimate
locale en-US
recoverysequence {f11feef1-73cc-11e1-b703-b5f77490ed58}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {9e4c3447-7382-11e1-b3e6-806e6f6e6963}

Windows Boot Loader
-------------------
identifier {f11feef1-73cc-11e1-b703-b5f77490ed58}
device ramdisk=[C:]\Recovery\2dca213e-72fa-11e1-adfd-f2c57a5ea234\Winre.wim,{f11feef2-73cc-11e1-b703-b5f77490ed58}
path \windows\system32\winload.exe
description Windows Recovery Environment (recovered)
locale
osdevice ramdisk=[C:]\Recovery\2dca213e-72fa-11e1-adfd-f2c57a5ea234\Winre.wim,{f11feef2-73cc-11e1-b703-b5f77490ed58}
systemroot \windows
winpe Yes

Resume from Hibernate
---------------------
identifier {9e4c3447-7382-11e1-b3e6-806e6f6e6963}
device partition=C:
path \Windows\system32\winresume.exe
description Windows 7 Ultimate (recovered)
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US

Real-mode Boot Sector
---------------------
identifier {f11feef3-73cc-11e1-b703-b5f77490ed58}
device partition=C:
path \NST\AutoNeoGrub0.mbr
description Xubuntu

Device options
--------------
identifier {f11feef2-73cc-11e1-b703-b5f77490ed58}
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\2dca213e-72fa-11e1-adfd-f2c57a5ea234\boot.sdi



LastRegBack: 2013-09-01 14:25

==================== End Of Log ============================





offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Before we continue, you need to tell me whether you are familiar with this website and its associated Firefox extension?
http://moikrug.ru/
Firefox
Quote: Yandex Elements

I'm asking because of this:
http://www.pcrisk.com/removal-guides/6990-remove-yandex-toolbar
Quote: Related to Yandex toolbar is a browser extension developed by a reputable Russian search engine. A great many computer users report that Yandex toolbar was installed on their computers without their consent and they experience unwanted redirects to yandex.com

offline
  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14692
  • Location: Niš

I'm not familiar with the site, but the logo looks familiar. It's possible that I came across that page through a search at some point, though not via Firefox but via Chrome, because I use Firefox only for my faculty e-mail. As for extensions and toolbars, I take care to avoid them with every installation. In any case, I'm not familiar with that yandex.

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

OK then. :)

Open Notepad and copy the following text, which is inside the shaded area.

START
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=201.....1a4df25b6a
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/persons/?clid=143107&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?clid=143107&text={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF Extension: Yandex Elements - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
C:\Users\Milan\AppData\Local\Temp\*.*
CMD: ipconfig /flushdns
END


In Notepad, click File --> Save As
Name the file Fixlist and save it to the Desktop
Double-click to run FRST.exe again, click the Fix button and wait for the program to finish.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, Notepad will open with content that you should copy into the thread.
Also, (fixlog.txt) will be on the Desktop.

You need to copy fixlog.txt to the forum


------ then ------


Let's move on to a higher-level check, the AntiRootkit check:


Download aswMBR from this or this link and save it to the Desktop.

Double-click to run aswMBR.

If you get the following message:
Would you like to download latest Avast! virus definitions?
Click the Yes button and wait for the definitions download to finish.


Make sure the QuickScan option is selected under AV Scan:

Click Scan.

When the scan finishes ( Scan finished successfully ), click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into the thread.

offline
  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14692
  • Location: Niš

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-09-2013
Ran by Milan at 2013-09-03 11:30:52 Run:1
Running from C:\Users\Milan\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
START
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112555&tt=201.....1a4df25b6a
URLSearchHook: (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - Moikrug URL = http://moikrug.ru/persons/?clid=143107&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?clid=143107&text={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=201208_mnt_n_3512_5&babsrc=SP_ss&mntrId=04a84f77000000000000001a4df25b6a
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF Extension: Yandex Elements - C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru
C:\Users\Milan\AppData\Local\Temp\*.*
CMD: ipconfig /flushdns
END
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Value deleted successfully.
HKCR\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\Moikrug => Key deleted successfully.
HKCR\Wow6432Node\CLSID\Moikrug => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru => Moved successfully.
"C:\Users\Milan\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\yasearch@yandex.ru " => File/Directory not found.

"C:\Users\Milan\AppData\Local\Temp\*.* " directory move:

Could not move "C:\Users\Milan\AppData\Local\Temp\*.* " directory. => Scheduled to move on reboot.


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== Result of Scheduled Files to move ===========

"C:\Users\Milan\AppData\Local\Temp\*.* " => Directory could not move.

==== End of Fixlog ====


====================================================


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-03 11:37:13
-----------------------------
11:37:13.906 OS Version: Windows 6.1.7601 Service Pack 1
11:37:13.906 Number of processors: 2 586 0xF0D
11:37:13.909 ComputerName: MILANOV-PC UserName: Milan
11:37:17.650 Initialize success
11:37:17.910 AVAST engine defs: 13090200
11:37:54.287 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:37:54.290 Disk 0 Vendor: WDC_WD5000AAKX-003CA0 15.01H15 Size: 476938MB BusType: 3
11:37:54.295 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
11:37:54.299 Disk 1 Vendor: WDC_WD2500AAKS-00YGA0 12.01C02 Size: 238474MB BusType: 3
11:37:54.309 Disk 0 MBR read successfully
11:37:54.313 Disk 0 MBR scan
11:37:54.320 Disk 0 Windows 7 default MBR code
11:37:54.324 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 67238 MB offset 2048
11:37:54.346 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 204850 MB offset 137705472
11:37:54.371 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 204847 MB offset 557238272
11:37:54.381 Disk 0 scanning sectors +976764928
11:37:54.457 Disk 0 scanning C:\Windows\system32\drivers
11:38:06.733 Service scanning
11:38:30.549 Modules scanning
11:38:45.210 Disk 0 trace - called modules:
11:38:45.232 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8526a1e8]<<
11:38:45.241 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8605a7f0]
11:38:45.248 3 CLASSPNP.SYS[897a759e] -> nt!IofCallDriver -> [0x85232c30]
11:38:45.255 5 ACPI.sys[88f943d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x852cb610]
11:38:45.262 \Driver\atapi[0x85232b48] -> IRP_MJ_CREATE -> 0x8526a1e8
11:38:45.838 AVAST engine scan C:\Windows
11:38:47.597 AVAST engine scan C:\Windows\system32
11:42:37.740 AVAST engine scan C:\Windows\system32\drivers
11:42:54.525 AVAST engine scan C:\Users\Milan
11:57:49.873 AVAST engine scan C:\ProgramData
12:03:17.909 Scan finished successfully
12:04:44.437 Disk 0 MBR has been saved successfully to "C:\Users\Milan\Desktop\MBR.dat"
12:04:44.447 The log file has been saved successfully to "C:\Users\Milan\Desktop\aswMBR.txt"

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

That would be it. There is nothing here, no malware. Follow these steps as well; they will help the computer's performance.

Removing any leftovers:
Download AdwCleaner by "Xplode" and save it to the Desktop

Double-click to run the program.
Click the [Scan] button and wait for the program to finish.
Click the [Clean] button
The program will close all active programs and show a window with that warning. Click Ok to confirm.
In the next two windows that open (Informations and Restart required), click Ok


The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.

Note: The report will also be saved to C:\AdwCleaner[S1].txt

I don't need its log.

------ then ------

Deleting Temp and Junk:
Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to let the program begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: When you are done cleaning temp files, you can delete the program or keep it for later use.

------ then ------

Removing the tools:
Download DelFix by "Xplode" and save it to the Desktop

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings


Click the "Run" button and wait for the program to finish.
When the tool finishes, it will open the report in Notepad.

Note: The report will also be saved to C:\DelFix.txt

I don't need its log.

That's it. ;)

offline
  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14692
  • Location: Niš

Done. Thanks a lot! :D Cheers
