Policie ČR

[tomastt]

Zdravím
Kamarád mi přivezl PC s virem Policie ČR.
po spuštěni vyskoči obrazovka policie a nejde nic dělat.
Nouzovy režim funguje pouze s příkazovým řádkem, ostatni se okamžitě restartuji.
pokusy o obnovení selhaly.
na PC je Win 7.
prosím o radu děkuji

píšu z jiného PC nakažený stoji vedle odpojeny od internetu

[tomastt]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2013 02
Ran by Giga at 2013-06-01 19:30:54 Run:
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

3 Tor
64 Bit HP CIO Components Installer (Version: 1.0.0)
ACDSee 5.0 PowerPack (Version: 5.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.7) - Czech (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Advanced SystemCare 3 (Version: 3.7.3)
AIO_Scan (Version: 90.0.200.000)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.0126.1749.31909)
Apple Application Support (Version: 1.2.1)
Apple Software Update (Version: 2.1.1.116)
ArcSoft TotalMedia 3.5 (Version: 3.5.35.318)
Ashampoo Burning Studio 10.0.1 (Version: 10.0.1)
ATI Catalyst Install Manager (Version: 3.0.812.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Stream SDK v2 Developer (Version: 2.3.0.0)
AVerMedia A835 USB TV Tuner 8.0.64.57 (Version: 8.0.64.57)
AVG Security Toolbar (Version: 15.2.0.5)
AVS DVD Player version 2.4
AVS4YOU Software Navigator 1.2
BufferChm (Version: 90.0.146.000)
C4200 (Version: 90.0.200.000)
C4200_doccd (Version: 90.0.200.000)
c4200_Help (Version: 90.0.200.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909)
Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909)
CCC Help English (Version: 2011.0126.1748.31909)
ccc-core-static (Version: 2011.0126.1749.31909)
ccc-utility64 (Version: 2011.0126.1749.31909)
CCleaner (Version: 3.04)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322)
Copy (Version: 90.0.146.000)
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.146.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Dream Aquarium 1.234
DVD Shrink 3.2
EasyBits GO
eSupportQFolder (Version: 1.00.0000)
Fish Fillets
Google Earth Plug-in (Version: 7.0.3.8542)
Google Chrome (Version: 27.0.1453.94)
Google Toolbar for Internet Explorer
Google Update Helper (Version: 1.3.21.145)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.006.002)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
ICQ Toolbar (Version: 3.0.0)
ICQ7.5 (Version: 7.5)
Java Auto Updater (Version: 2.0.3.1)
Java(TM) 6 Update 24 (Version: 6.0.240)
K-Lite Mega Codec Pack 7.0.0 (Version: 7.0.0)
Luxor 1.0.5.34 S
Luxor 2 - version 2.0.6.17 S
Luxor 3 - version 1.0
Luxor 4: Quest for the Afterlife - version 1.0.82
Malwarebytes' Anti-Malware
MarketResearch (Version: 90.0.146.000)
MediaInfo 0.7.57 (32-bit) (Version: 0.7.57)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service CS-CZ Language Pack (Version: 3.0.8402.2)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client CS-CZ Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Minecraft 1.4.5
Mozilla Firefox 21.0 (x86 cs) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My DSC
Nero 7 Ultra Edition (Version: 7.02.9752)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
Norton Security Scan (Version: 3.0.0.103)
Opera 12.15 (Version: 12.15.1748)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerDVD
PS_AIO_ProductContext (Version: 90.0.200.000)
PS_AIO_Software (Version: 90.0.200.000)
PS_AIO_Software_min (Version: 90.0.200.000)
PSSWCORE (Version: 2.01.0000)
QuickTime (Version: 7.66.71.0)
Registry Mechanic 10.0 (Version: 10.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Scan (Version: 9.0.0.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.3 (Version: 6.3.105)
SnugTV Station (Version: 3.8.1)
SolutionCenter (Version: 90.0.146.000)
Status (Version: 90.0.146.000)
swMSM (Version: 12.0.0.1)
The Lord of the Rings FREE Trial (Version: 1.00.0000)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
Ulead Straight-to-Disc SDK (Version: 3.5)
Unity Web Player (Version: )
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VideoToolkit01 (Version: 90.0.146.000)
WebReg (Version: 90.0.146.000)
Winamp (remove only)
Windows XP Creativity Fun Packs - Windows Media Player 9 Series (Version: 1.00.0000)
WinFast Dongle Mini Device Utilities (Version: 3.0.0.0)
WinFast DTV Dongle Mini
WinRAR
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Zoner Photo Studio 12 (Version: 12.0.1.5)

==================== Restore Points =========================


==================== Hosts content: ==========================

::1 localhost

127.0.0.1 localhost


==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Uživatelská infračervená zařízení
Description: Uživatelská infračervená zařízení
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2013 11:21:37 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: firefox.exe, verze: 21.0.0.4879, časové razítko: 0x518ec3cc
Název chybujícího modulu: xul.dll, verze: 21.0.0.4879, časové razítko: 0x518ec306
Kód výjimky: 0xc0000005
Posun chyby: 0x001c9789
ID chybujícího procesu: 0x12a0
Čas spuštění chybující aplikace: 0xfirefox.exe0
Cesta k chybující aplikaci: firefox.exe1
Cesta k chybujícímu modulu: firefox.exe2
ID zprávy: firefox.exe3

Error: (05/28/2013 07:03:32 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: OUTLOOK.EXE, verze: 11.0.8326.0, časové razítko: 0x4c1c2372
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x000000f0
ID chybujícího procesu: 0x1394
Čas spuštění chybující aplikace: 0xOUTLOOK.EXE0
Cesta k chybující aplikaci: OUTLOOK.EXE1
Cesta k chybujícímu modulu: OUTLOOK.EXE2
ID zprávy: OUTLOOK.EXE3

Error: (05/26/2013 07:10:07 PM) (Source: Windows Backup) (User: )
Description: Zálohování nebylo úspěšné. Chyba: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048).

Error: (05/23/2013 07:13:53 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 21.0.0.4879, časové razítko: 0x518ec367
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.17725, časové razítko: 0x4ec49b8f
Kód výjimky: 0xc0000374
Posun chyby: 0x000ce6c3
ID chybujícího procesu: 0x13b8
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3

Error: (05/21/2013 10:14:23 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: TotalMedia.exe, verze: 3.5.35.318, časové razítko: 0x4ae4f803
Název chybujícího modulu: uDirector.dll, verze: 1.0.0.6, časové razítko: 0x48df25bf
Kód výjimky: 0xc0000005
Posun chyby: 0x00003da3
ID chybujícího procesu: 0x1348
Čas spuštění chybující aplikace: 0xTotalMedia.exe0
Cesta k chybující aplikaci: TotalMedia.exe1
Cesta k chybujícímu modulu: TotalMedia.exe2
ID zprávy: TotalMedia.exe3

Error: (05/19/2013 07:08:06 PM) (Source: Windows Backup) (User: )
Description: Zálohování nebylo úspěšné. Chyba: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048).

Error: (05/17/2013 00:08:07 AM) (Source: Application Hang) (User: )
Description: Program TotalMedia.exe verze 3.5.35.318 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: ca0

Čas spuštění: 01ce526b385846c7

Čas ukončení: 36

Cesta k aplikaci: C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe

ID hlášení: 142f1bdf-be75-11e2-8385-1c6f6582f82d

Error: (05/15/2013 08:35:33 PM) (Source: Application Hang) (User: )
Description: Program TotalMedia.exe verze 3.5.35.318 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 5c0

Čas spuštění: 01ce519070b59da5

Čas ukončení: 48

Cesta k aplikaci: C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe

ID hlášení: 36a5e01a-bd8e-11e2-9821-1c6f6582f82d

Error: (05/12/2013 07:08:40 PM) (Source: Windows Backup) (User: )
Description: Zálohování nebylo úspěšné. Chyba: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048).

Error: (05/12/2013 06:00:52 PM) (Source: Application Hang) (User: )
Description: Program TotalMedia.exe verze 3.5.35.318 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 258

Čas spuštění: 01ce4f2516b7d129

Čas ukončení: 46

Cesta k aplikaci: C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe

ID hlášení: 1b09ccb3-bb1d-11e2-ab33-1c6f6582f82d


System errors:
=============
Error: (06/01/2013 07:29:45 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/01/2013 07:28:23 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 zjistil chybu při pokusu o aktualizaci podpisů.

Nová verze podpisu:

Předchozí verze podpisu: 1.151.1315.0

Zdroj aktualizace: %NT AUTHORITY59

Fáze aktualizace: 4.2.0223.00

Zdrojová cesta: 4.2.0223.01

Typ podpisu: %NT AUTHORITY602

Typ aktualizace: %NT AUTHORITY604

Uživatel: NT AUTHORITY\SYSTEM

Aktuální verze modulu: %NT AUTHORITY605

Předchozí verze modulu: %NT AUTHORITY606

Kód chyby: %NT AUTHORITY607

Popis chyby: %NT AUTHORITY608

Error: (06/01/2013 07:28:23 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/01/2013 07:18:59 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (06/01/2013 07:18:59 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/01/2013 07:18:59 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/01/2013 07:18:59 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/01/2013 07:18:58 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/01/2013 07:18:00 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
AFD
CSC
DfsC
discache
MpFilter
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
sptd
tdx
Wanarpv6
WfpLwf

Error: (06/01/2013 07:18:00 PM) (Source: Service Control Manager) (User: )
Description: Služba Sledování umístění v síti (NLA) závisí na službě Služba rozhraní síťového úložiště, která neuspěla při spuštění v důsledku následující chyby:
%%1068


Microsoft Office Sessions:
=========================
Error: (05/28/2013 11:21:37 PM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c978912a001ce5b702afd96d0C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll93c70378-c7dc-11e2-8170-1c6f6582f82d

Error: (05/28/2013 07:03:32 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c0000005000000f0139401ce5ba8d5881a1dC:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEunknown864310df-c7b8-11e2-8170-1c6f6582f82d

Error: (05/26/2013 07:10:07 PM) (Source: Windows Backup)(User: )
Description: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048)

Error: (05/23/2013 07:13:53 PM) (Source: Application Error)(User: )
Description: plugin-container.exe21.0.0.4879518ec367ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c313b801ce57d8ab64d3bdC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\ntdll.dll246d238d-c3cc-11e2-856b-1c6f6582f82d

Error: (05/21/2013 10:14:23 PM) (Source: Application Error)(User: )
Description: TotalMedia.exe3.5.35.3184ae4f803uDirector.dll1.0.0.648df25bfc000000500003da3134801ce56331925f8b9C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exeC:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uDirector.dll06d6ff11-c253-11e2-98a4-1c6f6582f82d

Error: (05/19/2013 07:08:06 PM) (Source: Windows Backup)(User: )
Description: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048)

Error: (05/17/2013 00:08:07 AM) (Source: Application Hang)(User: )
Description: TotalMedia.exe3.5.35.318ca001ce526b385846c736C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe142f1bdf-be75-11e2-8385-1c6f6582f82d

Error: (05/15/2013 08:35:33 PM) (Source: Application Hang)(User: )
Description: TotalMedia.exe3.5.35.3185c001ce519070b59da548C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe36a5e01a-bd8e-11e2-9821-1c6f6582f82d

Error: (05/12/2013 07:08:40 PM) (Source: Windows Backup)(User: )
Description: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048)

Error: (05/12/2013 06:00:52 PM) (Source: Application Hang)(User: )
Description: TotalMedia.exe3.5.35.31825801ce4f2516b7d12946C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe1b09ccb3-bb1d-11e2-ab33-1c6f6582f82d


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4093.55 MB
Available physical RAM: 3467.07 MB
Total Pagefile: 8185.29 MB
Available Pagefile: 7589.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:37.02 GB) NTFS (Disk=0 Partition=2)
Drive d: (Nový svazek) (Fixed) (Total:931.51 GB) (Free:16.45 GB) NTFS (Disk=1 Partition=1)
Drive f: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT32 (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BB9AD64E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E5B6C2C2)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 490 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=490 MB) - (Type=0B)

==================== End Of Log ============================

[tomastt]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02
Ran by Giga (administrator) on 01-06-2013 19:30:35
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [OEXPRESS] [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Giga\AppData\Roaming\skype.dat [61952 2011-11-17] () <==== ATTENTION
MountPoints2: {0e328ac0-48c7-11e0-9583-806e6f6e6963} - F:\SETUP.EXE
MountPoints2: {db67c950-48ae-11e0-813d-806e6f6e6963} - E:\autorun.exe
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
IMEO: [Debugger] svchost.exe
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Remote Control.lnk
ShortcutTarget: Remote Control.lnk -> C:\Program Files (x86)\WinFast\Dongle Mini\Dongle Mini Device Utilities\RTLRCtl.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
HKCU SearchScopes: DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={572C ... 2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/?&uid=8050&q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... earchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={572C ... 2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO-x32: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\program files (x86)\google\googletoolbar.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\program files (x86)\google\googletoolbar.dll (Google Inc.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default
FF SelectedSearchEngine: Seznam
FF Homepage: hxxp://www.seznam.cz/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WebTran - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF Extension: FireShot - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: Bigpoint Games PL Community Toolbar - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: antigameorigin - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\antigameorigin@antigame.de.xpi
FF Extension: betterflickr - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\betterflickr@ginatrapani.org.xpi
FF Extension: translator - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}.xpi
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={572C8199-126E-4455-A78D-D6C6DF535131}&mid=3ac1bea39bc047d0a4dbcd26236611de-4b066675198d72ab24239a5ac3e9a8fa75262db3&lang=cs&ds=bm012&pr=sa&d=2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={572C8199-126E-4455-A78D-D6C6DF535131}&mid=3ac1bea39bc047d0a4dbcd26236611de-4b066675198d72ab24239a5ac3e9a8fa75262db3&lang=cs&ds=bm012&pr=sa&d=2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={572C8199-126E-4455-A78D-D6C6DF535131}&mid=3ac1bea39bc047d0a4dbcd26236611de-4b066675198d72ab24239a5ac3e9a8fa75262db3&lang=cs&ds=bm012&pr=sa&d=2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={572C8199-126E-4455-A78D-D6C6DF535131}&mid=3ac1bea39bc047d0a4dbcd26236611de-4b066675198d72ab24239a5ac3e9a8fa75262db3&lang=cs&ds=bm012&pr=sa&d=2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=hp"]},"spdy":{"servers":["lh5.googleusercontent.com:443","ssl.gstatic.com:443","support.google.com:443","fonts.googleapis.com:443","accounts.google.com:443","plusone.google.com:443","googleads.g.doubleclick.net:443","ssl.google-analytics.com:443","toolbarqueries.google.com:443","clients2.google.com:443","clients4.google.com:443","plus.google.com:443","themes.googleusercontent.com:443","www.google.com:443","apis.google.com:443","ajax.googleapis.com:443","dl-ssl.google.com:443"]},"sync":{"acknowledged_types":["Bookmarks","Preferences","Passwords","Autofill Profiles","Autofill","Themes","Typed URLs","Extensions","Encryption keys","Search Engines","Sessions","Apps"],"app_notifications":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAmR9NjCF4mEOe7OACjXxaiwAAAAACAAAAAAAQZgAAAAEAACAAAAD6gXzUj4qvhcayiV92XjLMOKgD88OfJ/Nq5Qi4D8atnQAAAAAOgAAAAAIAACAAAAAxT76uZyDeTAzRygUDVhFUu03xLsESJ5ja/WC+h6axb0AAAAAGLxoxc7QmNOEdyFuaccJ8F86QVTQERMUreF60/EfOyvj9ZdykCP1tt2CVxy2f1CUtsE0KIzvJmuloMuHKHDSMQAAAAEcrEFJ8Ckom4fJmUxdwPWoe6ZkKreNHLcRJGiMLyf7+eof4khNqdXhcwyf3kp/L7GIiQ73MspmuUKEPc4Y/uAQ=","extension_settings":true,"extensions":true,"has_setup_completed":true,"keep_everything_synced":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9v6Q4Y+loEmAEj0c+ls71QAAAAACAAAAAAAQZgAAAAEAACAAAADdvC89SJSVPE5fH888BtM8bRUcZNnbzIyfwrt8Y2YUeAAAAAAOgAAAAAIAACAAAACR/3uVt5coLGy72BMF/KdRJxebNLIlFm85UOEwpUjyeFAAAACRxBT6OBjlPq4zGFce160kiUmN/WFybgSgorvnnWnfEop/EKirsGCT5kArWsf7HT1hLfD2wySsU/hj1gwMu172rSBh4YcyHpNsv5uV6PennUAAAACcKSeuECxO56/NNukaQDK05jWZqIC+/WDlgUxwQvJfdFv4xgflbOmQF4Ik/4uHmsLLvGe3xoaMCZqcoHBYq+aX","last_synced_time":"13010513905685765","passwords":true,"preferences":true,"search_engines":true,"session_sync_guid":"session_syncdmn86FYZI8q781UXFWp2Fw==","sessions":true,"suppress_start":false,"themes":true,"typed_urls":true,"using_oauth":false},"sync_promo":{"user_skipped":true},"tabs":{"use_compact_navigation_bar":false,"use_vertical_tabs":false},"translate_accepted_count":{"en":17,"pl":1,"ru":2},"translate_denied_count":{"en":0,"pl":0,"ru"
CHR Extension: (YouTube) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
CHR Extension: (Gmail) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-01-26] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [168448 2011-01-06] (AVerMedia TECHNOLOGIES, Inc.)
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247096 2011-02-28] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [677632 2010-03-16] (AVerMedia TECHNOLOGIES, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-20] (AVG Technologies)
S3 ComproHID; C:\Windows\System32\DRIVERS\ComproHID64.sys [9088 2008-02-27] (Compro Tech., Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RTL2831UBDA; C:\Windows\System32\drivers\RTL2831UBDA.sys [116000 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\Windows\System32\Drivers\RTL2831UUSB.sys [39968 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-03-07] (Duplex Secure Ltd.)
S3 ULCDRHlp; C:\Windows\SysWow64\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\Afc.sys 6CCD1135320109D6B219F1A6E04AD9F6
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys DCC8177244FE79C61C4E73C65E63922A
C:\Windows\System32\DRIVERS\atikmpag.sys 7FE67D107329DC2CF89136A8E19BCEB7
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 4BF5BCA6E2608CD8A00BC4A6673A9F47
C:\Windows\System32\Drivers\AVerAF35.sys D37F00A992A9E099B7A4136FD55B9180
C:\Windows\system32\drivers\avgtpx64.sys 3B5657B6C11CDA87F664DD6F7DD0702D
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ComproHID64.sys 3207B43EB71C5D6F29C77F909EE744F4
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys F8A10560B35C66F9DE212F03DAD5BFA7
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 162100E0BC8377710F9D170631921C03
C:\Windows\System32\drivers\ccdcmbx64.sys 907B5E1E4A592E5EDC5E4CCBDE4863C2
C:\Windows\System32\drivers\ccdcmbox64.sys 41C1AC1F3613435EB32D67BCB80A5FA5
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 285ACEC1B13A15BA520AAE06BACB9CFF
C:\Windows\System32\DRIVERS\nusb3xhc.sys F6D625FF7B56BB6EA063F0D3A5BBC996
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTL2831UBDA.sys 38BC2EA9A3F77372AE1AE1A022AE1826
C:\Windows\System32\Drivers\RTL2831UUSB.sys 6D33D376247D88AD0CAAEC40AC2E44D0
C:\Windows\System32\drivers\RTL2832UBDA.sys 50D95CF71DAB5367246C3479E96EAF47
C:\Windows\System32\Drivers\RTL2832UUSB.sys 7BA2B2447BD7A2931DDDABA534717348
C:\Windows\System32\DRIVERS\Rt64win7.sys ABCB5A38A0D85BDF69B7877E1AD1EED5
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys 4B3F898DC1378CED2F35D04E5B0CE0DF
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\SysWow64\Drivers\ULCDRHlp.sys A4E07DA3AE2078BD96E84D4BAA07B71D
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys 4E93C8496359E97830C75AC36393654D
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2
C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys 8844CB19A37B65E27049D4A7786726A9
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-01 19:27 - 2013-06-01 19:27 - 00000000 ____D C:\FRST
2013-05-31 21:19 - 2013-06-01 19:16 - 00000004 ____A C:\Users\Giga\AppData\Roaming\skype.ini
2013-05-31 14:14 - 2013-05-31 14:30 - 00000000 ____D C:\Users\Giga\Desktop\2013_igrzyska_atletyczne
2013-05-28 18:09 - 2013-05-28 18:29 - 00000000 ____D C:\Users\Giga\Desktop\zahrada
2013-05-25 19:24 - 2013-05-25 19:24 - 00001194 ____A C:\Users\Giga\Desktop\Odkazy aplikace Windows Media Center.lnk
2013-05-25 19:24 - 2013-05-25 19:24 - 00000000 ____D C:\Users\Public\Documents\Odkazy aplikace Windows Media Center
2013-05-25 11:57 - 2011-03-03 10:29 - 00000000 ____D C:\Users\Giga\Desktop\AP6
2013-05-25 09:51 - 2013-05-25 09:51 - 00002118 ____A C:\Users\Giga\Desktop\Minecraft.lnk
2013-05-25 09:51 - 2013-05-25 09:51 - 00000000 ____D C:\Users\Giga\AppData\Roaming\.minecraft
2013-05-25 09:18 - 2013-05-25 20:11 - 00000000 ____D C:\Users\Giga\Desktop\hry
2013-05-20 20:08 - 2013-05-20 20:08 - 00003716 ____A C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-15 16:38 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 16:38 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 16:38 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 16:38 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 16:37 - 2013-04-05 03:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 16:37 - 2013-04-05 03:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 16:37 - 2013-04-05 03:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 16:37 - 2013-04-05 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 16:37 - 2013-04-05 02:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 16:37 - 2013-04-05 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 16:37 - 2013-04-05 02:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 16:37 - 2013-04-05 02:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 16:37 - 2013-04-05 02:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 16:37 - 2013-04-05 02:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 16:37 - 2013-04-05 02:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 16:37 - 2013-04-05 02:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 16:37 - 2013-04-05 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 16:37 - 2013-04-05 02:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 16:37 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 16:37 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 16:37 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 16:37 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 16:37 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 16:37 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 16:37 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 16:37 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 16:37 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 16:37 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 16:37 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 16:37 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 16:37 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 16:37 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 15:55 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 15:55 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 15:55 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 15:55 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 15:55 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 15:55 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 15:55 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 15:55 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 15:55 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 15:55 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 15:55 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 15:54 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 15:54 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 15:54 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

==================== One Month Modified Files and Folders =======

2013-06-01 19:28 - 2011-03-07 13:54 - 02042026 ____A C:\Windows\WindowsUpdate.log
2013-06-01 19:27 - 2013-06-01 19:27 - 00000000 ____D C:\FRST
2013-06-01 19:23 - 2011-06-08 18:10 - 00692692 ____A C:\Windows\System32\perfh015.dat
2013-06-01 19:23 - 2011-06-08 18:10 - 00135746 ____A C:\Windows\System32\perfc015.dat
2013-06-01 19:23 - 2011-06-08 18:02 - 00678924 ____A C:\Windows\System32\perfh019.dat
2013-06-01 19:23 - 2011-06-08 18:02 - 00133422 ____A C:\Windows\System32\perfc019.dat
2013-06-01 19:23 - 2011-06-08 17:45 - 00646802 ____A C:\Windows\System32\perfh007.dat
2013-06-01 19:23 - 2011-06-08 17:45 - 00130446 ____A C:\Windows\System32\perfc007.dat
2013-06-01 19:23 - 2009-07-14 17:18 - 00634568 ____A C:\Windows\System32\perfh005.dat
2013-06-01 19:23 - 2009-07-14 17:18 - 00123158 ____A C:\Windows\System32\perfc005.dat
2013-06-01 19:23 - 2009-07-14 07:13 - 03893864 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-01 19:16 - 2013-05-31 21:19 - 00000004 ____A C:\Users\Giga\AppData\Roaming\skype.ini
2013-06-01 19:15 - 2013-01-30 04:54 - 00023819 ____A C:\Windows\setupact.log
2013-06-01 19:11 - 2009-07-14 06:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-01 19:11 - 2009-07-14 06:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-01 19:10 - 2011-06-29 04:23 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-01 19:04 - 2011-06-29 04:23 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-01 19:04 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-01 17:00 - 2011-03-07 14:48 - 00000000 ____D C:\Users\Giga\AppData\Roaming\Skype
2013-05-31 21:26 - 2012-05-24 20:31 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-31 19:02 - 2011-08-14 21:12 - 00000264 ____A C:\Windows\Tasks\RMSchedule.job
2013-05-31 14:30 - 2013-05-31 14:14 - 00000000 ____D C:\Users\Giga\Desktop\2013_igrzyska_atletyczne
2013-05-30 19:17 - 2011-03-16 05:48 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Giga.job
2013-05-28 23:21 - 2011-03-08 22:04 - 00000000 ____D C:\Users\Giga\Documents\gizbern
2013-05-28 18:29 - 2013-05-28 18:09 - 00000000 ____D C:\Users\Giga\Desktop\zahrada
2013-05-28 18:28 - 2013-01-19 18:49 - 00000000 ____D C:\Users\Giga\Desktop\tel
2013-05-28 07:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-27 15:50 - 2011-03-07 13:54 - 00000000 ____D C:\Users\Giga\AppData\Local\VirtualStore
2013-05-26 06:23 - 2009-07-14 07:08 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-25 20:12 - 2011-03-11 20:29 - 00188416 __ASH C:\Users\Giga\Documents\Thumbs.db
2013-05-25 20:11 - 2013-05-25 09:18 - 00000000 ____D C:\Users\Giga\Desktop\hry
2013-05-25 19:58 - 2012-09-09 07:29 - 00002005 ____A C:\Users\Public\Desktop\TotalMedia 3.5.lnk
2013-05-25 19:27 - 2011-03-07 18:01 - 00013384 ____A C:\Users\Giga\AppData\Roaming\AVSDVDPlayer.m3u
2013-05-25 19:24 - 2013-05-25 19:24 - 00001194 ____A C:\Users\Giga\Desktop\Odkazy aplikace Windows Media Center.lnk
2013-05-25 19:24 - 2013-05-25 19:24 - 00000000 ____D C:\Users\Public\Documents\Odkazy aplikace Windows Media Center
2013-05-25 19:24 - 2013-03-25 20:39 - 00084480 __ASH C:\Users\Giga\Desktop\Thumbs.db
2013-05-25 19:20 - 2011-10-14 22:41 - 00022528 ____A C:\Users\Giga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-25 13:11 - 2011-06-29 04:23 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-25 12:00 - 2011-03-07 14:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-25 11:59 - 2011-06-01 15:27 - 00000000 ____D C:\Program Files (x86)\AVerMedia
2013-05-25 11:52 - 2011-11-16 22:12 - 00000000 ____D C:\Users\Giga\Documents\dawid
2013-05-25 11:51 - 2011-09-01 07:08 - 00000000 ____D C:\Users\Giga\Desktop\nonstoptesty
2013-05-25 09:51 - 2013-05-25 09:51 - 00002118 ____A C:\Users\Giga\Desktop\Minecraft.lnk
2013-05-25 09:51 - 2013-05-25 09:51 - 00000000 ____D C:\Users\Giga\AppData\Roaming\.minecraft
2013-05-20 20:08 - 2013-05-20 20:08 - 00003716 ____A C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-05-20 20:08 - 2012-09-04 14:38 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-20 20:08 - 2012-05-27 12:52 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-05-18 08:11 - 2012-05-05 05:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-17 17:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-15 19:26 - 2012-05-24 20:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 19:26 - 2012-05-24 20:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 18:37 - 2009-07-14 06:45 - 00422056 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-05-15 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-05-15 16:44 - 2009-07-14 04:34 - 00000681 ____A C:\Windows\win.ini
2013-05-15 16:41 - 2011-03-07 15:40 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-05 23:36 - 2013-05-15 16:38 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 23:16 - 2013-05-15 16:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 21:25 - 2013-05-15 16:38 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 21:12 - 2013-05-15 16:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-02 17:29 - 2011-03-07 14:29 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\Giga\AppData\Roaming\skype.dat
C:\Users\Giga\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Spr vce spouçtŘnˇ syst‚mu Windows
--------------------
identifik tor {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {b255857d-0a0d-11e0-bb1d-b7e02b5ce133}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {b255857f-0a0d-11e0-bb1d-b7e02b5ce133}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {b255857d-0a0d-11e0-bb1d-b7e02b5ce133}
nx OptIn

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {b255857f-0a0d-11e0-bb1d-b7e02b5ce133}
device ramdisk=[C:]\Recovery\b255857f-0a0d-11e0-bb1d-b7e02b5ce133\Winre.wim,{b2558580-0a0d-11e0-bb1d-b7e02b5ce133}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\b255857f-0a0d-11e0-bb1d-b7e02b5ce133\Winre.wim,{b2558580-0a0d-11e0-bb1d-b7e02b5ce133}
systemroot \windows
nx OptIn
winpe Yes

Obnovenˇ z hibernace
---------------------
identifik tor {b255857d-0a0d-11e0-bb1d-b7e02b5ce133}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testov nˇ pamŘti syst‚mu Windows
---------------------
identifik tor {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagnostika pamŘti syst‚mu Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

Nastavenˇ slu§by EMS
------------
identifik tor {emssettings}
bootems Yes

Nastavenˇ ladicˇho programu
-----------------
identifik tor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Chyby pamŘti RAM
-----------
identifik tor {badmemory}

Glob lnˇ nastavenˇ
---------------
identifik tor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Nastavenˇ spouçtŘcˇho zavadŘźe
--------------------
identifik tor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Nastavenˇ hypervisoru
-------------------
identifik tor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Nastavenˇ zavadŘźe obnovenˇ
----------------------
identifik tor {resumeloadersettings}
inherit {globalsettings}

Parametry zaýˇzenˇ
--------------
identifik tor {b2558580-0a0d-11e0-bb1d-b7e02b5ce133}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\b255857f-0a0d-11e0-bb1d-b7e02b5ce133\boot.sdi



Last Boot: 2013-05-26 15:04

==================== End Of Log ============================

[tomastt]

Povedlo se PC nastartoval jak má
zde LOG

Logfile of random's system information tool 1.09 (written by random/random)
Run by Giga at 2013-06-01 20:25:08
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 38 GB (4%) free of 954 GB
Total RAM: 4094 MB (69% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe"
"C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1fa0e29c-b12d-4e60-87e7-1cc0fefb56f0 -SystemEventPortName:HostProcess-bbe74ea0-7b16-47f7-bc36-d4aba6be4397 -IoCancelEventPortName:HostProcess-d2881cff-d91a-4f52-8d61-2080b10889cd -NonStateChangingEventPortName:HostProcess-2f492b70-5ee5-40b6-9bbe-0e55362530b1 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:41e70f3d-719c-470a-81d2-f5acc617682f -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\WinFast\Dongle Mini\Dongle Mini Device Utilities\RTLRCtl.exe"
"C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C4200 series#1347637101" -Startup
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"F:\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Giga.job
C:\Windows\tasks\RMSchedule.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default

prefs.js - "browser.search.suggest.enabled" - false
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2009, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13, {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
mall-cz.xml

C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\extensions\
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{0b457cAA-602d-484a-8fe7-c1d894a011ba}
{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\searchplugins\
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2011-03-10 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll [2013-05-20 1991344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files (x86)\google\googletoolbar.dll [2011-05-21 745472]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17 3855520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-03-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2011-03-10 520192]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files (x86)\google\googletoolbar.dll [2011-05-21 745472]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-02-28 1048888]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll [2013-05-20 1991344]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"= []
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28 18642024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-05-10 37960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.4\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\Winampa.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2010-04-27 113288]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-01-26 336384]
"ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2010-11-15 112600]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2013-05-20 1226928]
"ArcSoft Connection Service"=C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Remote Control.lnk - C:\Program Files (x86)\WinFast\Dongle Mini\Dongle Mini Device Utilities\RTLRCtl.exe
TMMonitor.lnk - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=2
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"DisallowRun"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-06-01 20:05:18 ----D---- C:\rsit
2013-06-01 20:05:18 ----D---- C:\Program Files\trend micro
2013-06-01 19:27:10 ----D---- C:\FRST
2013-06-01 16:54:51 ----A---- C:\Windows\ntbtlog.txt
2013-05-25 09:51:25 ----D---- C:\Users\Giga\AppData\Roaming\.minecraft
2013-05-17 17:17:05 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-05-15 16:38:25 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-05-15 16:38:24 ----A---- C:\Windows\system32\mshtml.dll
2013-05-15 16:37:51 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-05-15 16:37:51 ----A---- C:\Windows\system32\mshtmled.dll
2013-05-15 16:37:50 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-05-15 16:37:50 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-05-15 16:37:50 ----A---- C:\Windows\system32\iertutil.dll
2013-05-15 16:37:49 ----A---- C:\Windows\SYSWOW64\url.dll
2013-05-15 16:37:49 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-05-15 16:37:49 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-05-15 16:37:49 ----A---- C:\Windows\system32\url.dll
2013-05-15 16:37:49 ----A---- C:\Windows\system32\ieUnatt.exe
2013-05-15 16:37:49 ----A---- C:\Windows\system32\ieui.dll
2013-05-15 16:37:48 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-05-15 16:37:48 ----A---- C:\Windows\system32\urlmon.dll
2013-05-15 16:37:48 ----A---- C:\Windows\system32\jscript9.dll
2013-05-15 16:37:47 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-05-15 16:37:47 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-05-15 16:37:47 ----A---- C:\Windows\system32\wininet.dll
2013-05-15 16:37:47 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-15 16:37:47 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-15 16:37:46 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-05-15 16:37:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-05-15 16:37:46 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-05-15 16:37:46 ----A---- C:\Windows\system32\vbscript.dll
2013-05-15 16:37:46 ----A---- C:\Windows\system32\jscript.dll
2013-05-15 16:37:43 ----A---- C:\Windows\system32\ieframe.dll
2013-05-15 16:37:42 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-05-15 15:55:05 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-15 15:55:05 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 15:55:05 ----A---- C:\Windows\system32\cdd.dll
2013-05-15 15:55:01 ----A---- C:\Windows\system32\shell32.dll
2013-05-15 15:55:00 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-05-15 15:55:00 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-05-15 15:55:00 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-05-15 15:55:00 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-15 15:55:00 ----A---- C:\Windows\system32\consent.exe
2013-05-15 15:55:00 ----A---- C:\Windows\system32\authui.dll
2013-05-15 15:55:00 ----A---- C:\Windows\system32\appinfo.dll
2013-05-15 15:54:54 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-15 15:54:54 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-15 15:54:53 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2013-06-01 20:12:03 ----D---- C:\Windows\Temp
2013-06-01 20:06:11 ----D---- C:\Windows\System32
2013-06-01 20:06:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-01 20:06:10 ----D---- C:\Windows\inf
2013-06-01 20:05:18 ----RD---- C:\Program Files
2013-06-01 19:27:13 ----D---- C:\Windows
2013-06-01 19:19:28 ----D---- C:\Windows\system32\catroot2
2013-06-01 19:16:55 ----D---- C:\Windows\system32\config
2013-06-01 17:00:39 ----D---- C:\Users\Giga\AppData\Roaming\Skype
2013-05-31 19:02:25 ----AD---- C:\ProgramData\TEMP
2013-05-31 13:40:33 ----D---- C:\Windows\Prefetch
2013-05-28 07:17:19 ----D---- C:\Windows\system32\NDF
2013-05-26 19:10:07 ----SHD---- C:\System Volume Information
2013-05-25 19:48:25 ----D---- C:\Windows\system32\Tasks
2013-05-25 12:00:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-05-25 12:00:26 ----SHD---- C:\Windows\Installer
2013-05-25 12:00:26 ----HD---- C:\Config.Msi
2013-05-25 12:00:19 ----RD---- C:\Program Files (x86)
2013-05-25 12:00:19 ----HD---- C:\ProgramData
2013-05-25 12:00:19 ----D---- C:\Program Files (x86)\Common Files
2013-05-25 12:00:08 ----D---- C:\Windows\SysWOW64
2013-05-25 11:59:58 ----D---- C:\Program Files (x86)\AVerMedia
2013-05-20 20:08:42 ----D---- C:\Program Files (x86)\AVG Secure Search
2013-05-18 08:11:45 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-17 17:50:56 ----D---- C:\Windows\rescache
2013-05-15 19:26:26 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-05-15 19:05:40 ----RSD---- C:\Windows\assembly
2013-05-15 19:05:40 ----D---- C:\Windows\Microsoft.NET
2013-05-15 18:37:48 ----D---- C:\Windows\winsxs
2013-05-15 18:35:27 ----D---- C:\Windows\system32\drivers
2013-05-15 18:35:27 ----D---- C:\Windows\AppPatch
2013-05-15 18:35:26 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-05-15 18:35:26 ----D---- C:\Windows\SYSWOW64\ru-RU
2013-05-15 18:35:26 ----D---- C:\Windows\SYSWOW64\pl-PL
2013-05-15 18:35:26 ----D---- C:\Windows\SYSWOW64\en-US
2013-05-15 18:35:26 ----D---- C:\Windows\SYSWOW64\de-DE
2013-05-15 18:35:26 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-05-15 18:35:25 ----D---- C:\Windows\system32\sk-SK
2013-05-15 18:35:25 ----D---- C:\Windows\system32\ru-RU
2013-05-15 18:35:25 ----D---- C:\Windows\system32\pl-PL
2013-05-15 18:35:25 ----D---- C:\Windows\system32\en-US
2013-05-15 18:35:25 ----D---- C:\Windows\system32\de-DE
2013-05-15 18:35:25 ----D---- C:\Windows\system32\cs-CZ
2013-05-15 18:35:24 ----D---- C:\Windows\SYSWOW64\migration
2013-05-15 18:35:24 ----D---- C:\Windows\system32\migration
2013-05-15 18:35:24 ----D---- C:\Program Files (x86)\Internet Explorer
2013-05-15 18:35:23 ----D---- C:\Program Files\Internet Explorer
2013-05-15 16:44:54 ----A---- C:\Windows\win.ini
2013-05-15 16:41:18 ----A---- C:\Windows\system32\MRT.exe
2013-05-15 16:38:31 ----D---- C:\Windows\system32\catroot
2013-05-02 17:29:56 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-03-07 513080]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-27 9085952]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-01-27 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-10-16 82816]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 AVerAF35;AVerMedia A835 USB DVB-T; C:\Windows\System32\Drivers\AVerAF35.sys [2010-03-16 677632]
S3 ComproHID;VideoMate Root Enumerated Hid Device; C:\Windows\system32\DRIVERS\ComproHID64.sys [2008-02-27 9088]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver; C:\Windows\system32\drivers\RTL2831UBDA.sys [2009-08-28 116000]
S3 RTL2831UUSB;REALTEK 2831U USB Driver; C:\Windows\System32\Drivers\RTL2831UUSB.sys [2009-08-28 39968]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver; C:\Windows\system32\drivers\RTL2832UBDA.sys [2009-08-13 116768]
S3 RTL2832UUSB;REALTEK 2832U USB Driver; C:\Windows\System32\Drivers\RTL2832UUSB.sys [2009-08-13 38944]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-01-27 203776]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 AVerUpdateServer;AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-01-28 632792]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-15 256904]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-29 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-17 117144]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-07 1255736]

-----------------EOF-----------------

[tomastt]

OTL udělal sken ale na konci to hodilo chybu a nevytvořilo to logy

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-01 22:00:17
-----------------------------
22:00:17.960 OS Version: Windows x64 6.1.7601 Service Pack 1
22:00:17.960 Number of processors: 4 586 0x403
22:00:17.960 ComputerName: GIGA-PC UserName: Giga
22:00:19.583 Initialize success
22:00:21.631 AVAST engine download error: 0
22:00:22.648 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:00:22.648 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
22:00:22.648 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
22:00:22.648 Disk 1 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 3
22:00:22.648 Disk 0 MBR read successfully
22:00:22.664 Disk 0 MBR scan
22:00:22.664 Disk 0 Windows 7 default MBR code
22:00:22.664 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:00:22.664 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

22:00:22.679 Disk 0 scanning C:\Windows\system32\drivers
22:00:27.515 Service scanning
22:00:34.145 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:00:36.501 Modules scanning
22:00:36.501 Disk 0 trace - called modules:
22:00:36.516 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039b32c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:00:36.532 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a9e060]
22:00:36.532 3 CLASSPNP.SYS[fffff88001a0543f] -> nt!IofCallDriver -> [0xfffffa800480fe40]
22:00:36.532 5 ACPI.sys[fffff880011b37a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004830680]
22:00:36.532 \Driver\atapi[0xfffffa80045084f0] -> IRP_MJ_CREATE -> 0xfffffa80039b32c0
22:00:36.548 Scan finished successfully
22:01:10.665 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
22:01:10.868 The log file has been saved successfully to "F:\aswMBR.txt"


vysledek z VIRUSTOTAL


File identification
MD5 5465c1bb4572b886e83b016e4ca40c9c
SHA1 d4a98ff75aad00a49605d2b250476b1471d77bbc
SHA256 dd819f992c6e7164227913330a0089d1160411c10f932b557278ec7a9e3c8c80
ssdeep
6:GHcimqQ0hFlc1tWZVLTqvFh226ALwPr0w2ZnRIyFT06pxJtAKCFWHWLLGAKCFWfS:cdm6lc1EBclMPAlBvyStYcWLT5LB

File size 512 bajtů ( 512 bytes )
File type unknown
Magic literal
x86 boot sector
TrID Unknown!

 VirusTotal metadata
First submission 2013-06-01 19:52:32 UTC ( 1 minuta ago )
Last submission 2013-06-01 19:52:32 UTC ( 1 minuta ago ) File names PhysicalMBR.bin

 ExifTool file metadata
FileAccessDate
2013:06:01 20:52:44+01:00

FileCreateDate
2013:06:01 20:52:44+01:00

[tomastt]

fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2013 02
Ran by Giga at 2013-06-01 20:00:08 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)
==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Giga\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====

chyba okno červene kolečko s bílym X něco anglicky ve smyslu CRASH a tlačítko OK

[tomastt]

Combofix jsem spustil po chvilce skenovani došlo k restartu PC bez jakekoli hlášky
oběvilo se okno s hlaškou že připravuje log. Asi 30 min se nic nedělo tak jsem ho vypnul a skusil
spustit znovu, vyskočila hlaška o označenem registru k odstranění. Takže jsem dal restart a spustil combofix, proběhl sken
a zustalo to zase viset, a neoběvil se žáden log.

Nějaky nápad??
rano jdu do prace dorazím k večeru, Zatim dík

[tomastt]

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Giga [Práva správce]
Mód : Kontrola -- Datum : 06/02/2013 18:44:39
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 5465c1bb4572b886e83b016e4ca40c9c
[BSP] 936172526063d3a6f2cbde8e6e75298b : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD10EALX-009BA0 ATA Device +++++
--- User ---
[MBR] 6581cf54b361eee846d520302ed3d1a5
[BSP] 84d197bb61a902cf7e83988876befed4 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_06022013_02d1844.txt >>
RKreport[1]_S_06022013_02d1844.txt



pro info: koukl jsem do antiviroveho trezoru a je tam nějaky WIN32/FakeVimes s vystrahou k okamžitemu odebráni
samozřejmě nic nemažu bez pokynu

[tomastt]

To je vše co zjistim v antiviru
Kategorie: Trojský kůň

Popis: Tento program je nebezpečný. Provádí příkazy zadané útočníkem.

Doporučená akce: Ihned tento software odeberte.

Položky:
folder:C:\Users\Giga\AppData\Roaming\AV Security Essentials\
file:C:\ProgramData\529802\3127.mof


PRVNI LOG
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 1.6.0_24
Run by Giga at 19:03:00 on 2013-06-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4094.2402 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\WinFast\Dongle Mini\Dongle Mini Device Utilities\RTLRCtl.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Users\Giga\Desktop\RogueKiller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
dURLSearchHooks: ICQToolBar: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
dURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: WebTransBHO Class: {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\Google\googletoolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar.dll
TB: WebTranslator: {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar.dll
TB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
EB: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [OEXPRESS] <no file>
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
dRunOnce: [osk.exe] osk.exe
dRunOnce: [Application Restart #0] C:\Windows\System32\osk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REMOTE~1.LNK - C:\Program Files (x86)\WinFast\Dongle Mini\Dongle Mini Device Utilities\RTLRCtl.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TMMONI~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:2
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Google Search - C:\Program Files (x86)\Google\googletoolbar.dll/cmsearch.html
IE: Backward &Links - C:\Program Files (x86)\Google\googletoolbar.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - C:\Program Files (x86)\Google\googletoolbar.dll/cmcache.html
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - C:\Program Files (x86)\Google\googletoolbar.dll/cmsimilar.html
IE: Translate into English - C:\Program Files (x86)\Google\googletoolbar.dll/cmtrans.html
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{E90FE55B-64BB-4445-8A0C-18AB06872C60} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Users\Giga\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\extensions\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 45856]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AVerUpdateServer;AVerUpdateServer;C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-1-6 168448]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-11-29 247096]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 130008]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-8-14 632792]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-3-7 46136]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 NisSrv;Kontrola sítě Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-4-27 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-4-27 184968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-2 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AVerAF35;AVerMedia A835 USB DVB-T;C:\Windows\System32\drivers\AVerAF35.sys [2010-3-16 677632]
S3 ComproHID;VideoMate Root Enumerated Hid Device;C:\Windows\System32\drivers\ComproHID64.sys [2011-5-24 9088]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-7 20992]
S3 RTL2831UBDA;REALTEK 2831U BDA Driver;C:\Windows\System32\drivers\RTL2831UBDA.sys [2009-8-28 116000]
S3 RTL2831UUSB;REALTEK 2831U USB Driver;C:\Windows\System32\drivers\RTL2831UUSB.sys [2009-8-28 39968]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;C:\Windows\System32\drivers\RTL2832UBDA.sys [2011-6-21 116768]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;C:\Windows\System32\drivers\RTL2832UUSB.sys [2011-6-21 38944]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-7 59392]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-7 1255736]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-06-02 16:25:26 -------- d-----w- C:\ComboFix
2013-06-01 20:40:26 98816 ----a-w- C:\Windows\sed.exe
2013-06-01 20:40:26 256000 ----a-w- C:\Windows\PEV.exe
2013-06-01 20:40:26 208896 ----a-w- C:\Windows\MBR.exe
2013-06-01 19:22:42 512 ----a-w- C:\PhysicalMBR.bin
2013-06-01 18:05:18 -------- d-----w- C:\Program Files\trend micro
2013-06-01 17:27:10 -------- d-----w- C:\FRST
2013-05-31 03:41:57 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{76263359-64B6-4934-845C-9A55CE02AFD7}\mpengine.dll
2013-05-30 02:34:42 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-25 07:51:25 -------- d-----w- C:\Users\Giga\AppData\Roaming\.minecraft
2013-05-21 15:00:41 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7F4C3368-A8B8-4448-B45B-5CCC38AB078F}\gapaengine.dll
2013-05-15 14:38:24 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-15 14:38:24 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-15 13:55:05 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 13:55:05 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 13:55:05 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 13:55:00 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 13:55:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 13:55:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 13:55:00 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 13:54:54 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 13:54:54 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 13:54:53 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-10 07:57:26 187456 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-05-20 18:08:35 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-05-15 17:26:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 17:26:26 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 19:03:08,30 ===============

DRUHY LOG
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7.3.2011 12:54:30
System Uptime: 2.6.2013 18:21:48 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-870A-UD3
Processor: AMD Phenom(tm) II X4 965 Processor | Socket M2 | 3400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 36,924 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 16,479 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP76: 1.6.2013 21:22:10 - OTL Restore Point - 1.6.2013 21:22:10
RP77: 2.6.2013 19:00:12 - Windows Zálohování
.
==== Installed Programs ======================
.
3 Tor
64 Bit HP CIO Components Installer
ACDSee 5.0 PowerPack
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) - Czech
Adobe Shockwave Player 11.6
Advanced SystemCare 3
AIO_Scan
AMD Drag and Drop Transcoding
AMD Fuel
Apple Application Support
Apple Software Update
ArcSoft TotalMedia 3.5
Ashampoo Burning Studio 10.0.1
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Stream SDK v2 Developer
AVerMedia A835 USB TV Tuner 8.0.64.57
AVG Security Toolbar
AVS DVD Player version 2.4
AVS4YOU Software Navigator 1.2
BufferChm
C4200
C4200_doccd
c4200_Help
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility64
CCC Help English
CCleaner
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.0.9.322
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Dream Aquarium 1.234
DVD Shrink 3.2
EasyBits GO
eSupportQFolder
Fish Fillets
Google Earth Plug-in
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
ICQ Toolbar
ICQ7.5
Java Auto Updater
Java(TM) 6 Update 24
K-Lite Mega Codec Pack 7.0.0
Luxor 1.0.5.34 S
Luxor 2 - version 2.0.6.17 S
Luxor 3 - version 1.0
Luxor 4: Quest for the Afterlife - version 1.0.82
Malwarebytes' Anti-Malware
MarketResearch
MediaInfo 0.7.57 (32-bit)
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CSY Language Pack
Microsoft Antimalware Service CS-CZ Language Pack
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Client CS-CZ Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Minecraft 1.4.5
Mozilla Firefox 21.0 (x86 cs)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My DSC
Nero 7 Ultra Edition
neroxml
Nokia Connectivity Cable Driver
Norton Security Scan
Opera 12.15
PlayReady PC Runtime amd64
PowerDVD
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QuickTime
Registry Mechanic 10.0
Renesas Electronics USB 3.0 Host Controller Driver
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)
Skype Click to Call
Skype™ 6.3
SnugTV Station
SolutionCenter
Status
swMSM
The Lord of the Rings FREE Trial
Toolbox
TrayApp
Ulead Straight-to-Disc SDK
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VideoToolkit01
WebReg
Winamp (remove only)
Windows XP Creativity Fun Packs - Windows Media Player 9 Series
WinFast Dongle Mini Device Utilities
WinFast DTV Dongle Mini
WinRAR
WMV9/VC-1 Video Playback
Zoner Photo Studio 12
.
==== End Of File ===========================

[tomastt]

Jo a pokud s evytvorila slozka qoobox na cesku , zararur ji, upni.

složka tam je ale nejde zabalit píše přístup odepřen

[tomastt]

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-06-02 19:36:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD1002FAEX-00Z3A0 rev.05.01D05 931,51GB
Running: gmer.exe; Driver: C:\Users\Giga\AppData\Local\Temp\kxldqpow.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff8800466ed64 12 bytes {MOV RAX, 0xfffffa800548a2a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1448] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1640] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3416] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[3416] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076741465 2 bytes [74, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000767414bb 2 bytes [74, 76]
.text ... * 2

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdePort4 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdePort5 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdePort6 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdePort2 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdePort7 fffffa80039b52c0
Device \Driver\atapi \Device\Ide\IdePort3 fffffa80039b52c0
Device \FileSystem\Ntfs \Ntfs fffffa80039b92c0
Device \FileSystem\fastfat \Fat fffffa800614c2c0
Device \Driver\atapi \Device\ScsiPort7 fffffa80039b52c0
Device \Driver\USBSTOR \Device\00000078 fffffa8005d632c0
Device \Driver\usbohci \Device\USBPDO-5 fffffa800546c2c0
Device \Driver\usbehci \Device\USBFDO-3 fffffa80054a52c0
Device \Driver\USBSTOR \Device\00000074 fffffa8005d632c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa80054a52c0
Device \Driver\USBSTOR \Device\00000070 fffffa8005d632c0
Device \Driver\cdrom \Device\CdRom0 fffffa800530c2c0
Device \Driver\usbehci \Device\USBPDO-6 fffffa80054a52c0
Device \Driver\usbohci \Device\USBFDO-4 fffffa800546c2c0
Device \Driver\usbohci \Device\USBPDO-2 fffffa800546c2c0
Device \Driver\usbohci \Device\USBFDO-0 fffffa800546c2c0
Device \Driver\USBSTOR \Device\00000071 fffffa8005d632c0
Device \Driver\usbohci \Device\USBFDO-5 fffffa800546c2c0
Device \Driver\usbehci \Device\USBPDO-3 fffffa80054a52c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa80054a52c0
Device \Driver\USBSTOR \Device\00000072 fffffa8005d632c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{E90FE55B-64BB-4445-8A0C-18AB06872C60} fffffa800537c2c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800537c2c0
Device \Driver\usbehci \Device\USBFDO-6 fffffa80054a52c0
Device \Driver\usbohci \Device\USBPDO-4 fffffa800546c2c0
Device \Driver\USBSTOR \Device\00000077 fffffa8005d632c0
Device \Driver\usbohci \Device\USBFDO-2 fffffa800546c2c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80039b52c0
Device \Driver\USBSTOR \Device\00000073 fffffa8005d632c0
Device \Driver\usbohci \Device\USBPDO-0 fffffa800546c2c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80039b52c0
Device \Driver\atapi \Device\ScsiPort2 fffffa80039b52c0
Device \Driver\atapi \Device\ScsiPort3 fffffa80039b52c0
Device \Driver\atapi \Device\ScsiPort5 fffffa80039b52c0
Device \Driver\atapi \Device\ScsiPort6 fffffa80039b52c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039b52c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80039b52c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a9a060] fffffa8004a9a060
Trace 3 CLASSPNP.SYS[fffff88001b3e43f] -> nt!IofCallDriver -> [0xfffffa8004826580] fffffa8004826580
Trace 5 ACPI.sys[fffff88000f487a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800482e060] fffffa800482e060
Trace \Driver\atapi[0xfffffa8003b0aac0] -> IRP_MJ_CREATE -> 0xfffffa80039b52c0 fffffa80039b52c0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0xD8 0xF1 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0xD8 0xF1 0x09 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x05 0xD8 0xF1 0x09 ...

---- EOF - GMER 2.1 ----

[tomastt]

rar qolbox

[tomastt]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2013 02
Ran by Giga at 2013-06-03 16:14:43 Run:
Running from F:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

3 Tor
64 Bit HP CIO Components Installer (Version: 1.0.0)
ACDSee 5.0 PowerPack (Version: 5.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.7) - Czech (Version: 10.1.7)
Adobe Shockwave Player 11.6 (Version: 11.6.6.636)
Advanced SystemCare 3 (Version: 3.7.3)
AIO_Scan (Version: 90.0.200.000)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.0126.1749.31909)
Apple Application Support (Version: 1.2.1)
Apple Software Update (Version: 2.1.1.116)
ArcSoft TotalMedia 3.5 (Version: 3.5.35.318)
Ashampoo Burning Studio 10.0.1 (Version: 10.0.1)
ATI Catalyst Install Manager (Version: 3.0.812.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Stream SDK v2 Developer (Version: 2.3.0.0)
AVerMedia A835 USB TV Tuner 8.0.64.57 (Version: 8.0.64.57)
AVG Security Toolbar (Version: 15.2.0.5)
AVS DVD Player version 2.4
AVS4YOU Software Navigator 1.2
BufferChm (Version: 90.0.146.000)
C4200 (Version: 90.0.200.000)
C4200_doccd (Version: 90.0.200.000)
c4200_Help (Version: 90.0.200.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909)
Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909)
CCC Help English (Version: 2011.0126.1748.31909)
ccc-core-static (Version: 2011.0126.1749.31909)
ccc-utility64 (Version: 2011.0126.1749.31909)
CCleaner (Version: 3.04)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322)
Copy (Version: 90.0.146.000)
CustomerResearchQFolder (Version: 1.00.0000)
Destination Component (Version: 090.000.091.086)
DeviceDiscovery (Version: 90.0.146.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
Dream Aquarium 1.234
DVD Shrink 3.2
EasyBits GO
eSupportQFolder (Version: 1.00.0000)
Fish Fillets
Google Earth Plug-in (Version: 7.0.3.8542)
Google Chrome (Version: 27.0.1453.94)
Google Toolbar for Internet Explorer
Google Update Helper (Version: 1.3.21.145)
HP Customer Participation Program 9.0 (Version: 9.0)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart All-In-One Software 9.0 (Version: 9.0)
HP Photosmart Essential 2.01 (Version: 2.01)
HP Photosmart Essential2.01 (Version: 1.01.0000)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.006.002)
HPProductAssistant (Version: 90.0.146.000)
HPSSupply (Version: 2.2.0.0000)
ICQ Toolbar (Version: 3.0.0)
ICQ7.5 (Version: 7.5)
Java Auto Updater (Version: 2.0.3.1)
Java(TM) 6 Update 24 (Version: 6.0.240)
K-Lite Mega Codec Pack 7.0.0 (Version: 7.0.0)
Luxor 1.0.5.34 S
Luxor 2 - version 2.0.6.17 S
Luxor 3 - version 1.0
Luxor 4: Quest for the Afterlife - version 1.0.82
Malwarebytes' Anti-Malware
MarketResearch (Version: 90.0.146.000)
MediaInfo 0.7.57 (32-bit) (Version: 0.7.57)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service CS-CZ Language Pack (Version: 3.0.8402.2)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office FrontPage 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client CS-CZ Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Minecraft 1.4.5
Mozilla Firefox 21.0 (x86 cs) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My DSC
Nero 7 Ultra Edition (Version: 7.02.9752)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
Norton Security Scan (Version: 3.0.0.103)
Opera 12.15 (Version: 12.15.1748)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PowerDVD
PS_AIO_ProductContext (Version: 90.0.200.000)
PS_AIO_Software (Version: 90.0.200.000)
PS_AIO_Software_min (Version: 90.0.200.000)
PSSWCORE (Version: 2.01.0000)
QuickTime (Version: 7.66.71.0)
Registry Mechanic 10.0 (Version: 10.0)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
Scan (Version: 9.0.0.0)
Skype Click to Call (Version: 5.9.9216)
Skype™ 6.3 (Version: 6.3.105)
SnugTV Station (Version: 3.8.1)
SolutionCenter (Version: 90.0.146.000)
Status (Version: 90.0.146.000)
swMSM (Version: 12.0.0.1)
The Lord of the Rings FREE Trial (Version: 1.00.0000)
Toolbox (Version: 90.0.146.000)
TrayApp (Version: 90.0.146.000)
Ulead Straight-to-Disc SDK (Version: 3.5)
Unity Web Player (Version: )
UnloadSupport (Version: 9.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VideoToolkit01 (Version: 90.0.146.000)
WebReg (Version: 90.0.146.000)
Winamp (remove only)
Windows XP Creativity Fun Packs - Windows Media Player 9 Series (Version: 1.00.0000)
WinFast Dongle Mini Device Utilities (Version: 3.0.0.0)
WinFast DTV Dongle Mini
WinRAR
WMV9/VC-1 Video Playback (Version: 1.00.0000)
Zoner Photo Studio 12 (Version: 12.0.1.5)

==================== Restore Points =========================

01-06-2013 19:22:10 OTL Restore Point - 1.6.2013 21:22:10
02-06-2013 17:00:12 Windows Zálohování

==================== Faulty Device Manager Devices =============

Name: Uživatelská infračervená zařízení
Description: Uživatelská infračervená zařízení
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2013 07:07:28 PM) (Source: Windows Backup) (User: )
Description: Zálohování nebylo úspěšné. Chyba: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048).

Error: (05/28/2013 11:21:37 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: firefox.exe, verze: 21.0.0.4879, časové razítko: 0x518ec3cc
Název chybujícího modulu: xul.dll, verze: 21.0.0.4879, časové razítko: 0x518ec306
Kód výjimky: 0xc0000005
Posun chyby: 0x001c9789
ID chybujícího procesu: 0x12a0
Čas spuštění chybující aplikace: 0xfirefox.exe0
Cesta k chybující aplikaci: firefox.exe1
Cesta k chybujícímu modulu: firefox.exe2
ID zprávy: firefox.exe3

Error: (05/28/2013 07:03:32 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: OUTLOOK.EXE, verze: 11.0.8326.0, časové razítko: 0x4c1c2372
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0xc0000005
Posun chyby: 0x000000f0
ID chybujícího procesu: 0x1394
Čas spuštění chybující aplikace: 0xOUTLOOK.EXE0
Cesta k chybující aplikaci: OUTLOOK.EXE1
Cesta k chybujícímu modulu: OUTLOOK.EXE2
ID zprávy: OUTLOOK.EXE3

Error: (05/26/2013 07:10:07 PM) (Source: Windows Backup) (User: )
Description: Zálohování nebylo úspěšné. Chyba: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048).

Error: (05/23/2013 07:13:53 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 21.0.0.4879, časové razítko: 0x518ec367
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.17725, časové razítko: 0x4ec49b8f
Kód výjimky: 0xc0000374
Posun chyby: 0x000ce6c3
ID chybujícího procesu: 0x13b8
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3

Error: (05/21/2013 10:14:23 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: TotalMedia.exe, verze: 3.5.35.318, časové razítko: 0x4ae4f803
Název chybujícího modulu: uDirector.dll, verze: 1.0.0.6, časové razítko: 0x48df25bf
Kód výjimky: 0xc0000005
Posun chyby: 0x00003da3
ID chybujícího procesu: 0x1348
Čas spuštění chybující aplikace: 0xTotalMedia.exe0
Cesta k chybující aplikaci: TotalMedia.exe1
Cesta k chybujícímu modulu: TotalMedia.exe2
ID zprávy: TotalMedia.exe3

Error: (05/19/2013 07:08:06 PM) (Source: Windows Backup) (User: )
Description: Zálohování nebylo úspěšné. Chyba: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048).

Error: (05/17/2013 00:08:07 AM) (Source: Application Hang) (User: )
Description: Program TotalMedia.exe verze 3.5.35.318 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: ca0

Čas spuštění: 01ce526b385846c7

Čas ukončení: 36

Cesta k aplikaci: C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe

ID hlášení: 142f1bdf-be75-11e2-8385-1c6f6582f82d

Error: (05/15/2013 08:35:33 PM) (Source: Application Hang) (User: )
Description: Program TotalMedia.exe verze 3.5.35.318 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 5c0

Čas spuštění: 01ce519070b59da5

Čas ukončení: 48

Cesta k aplikaci: C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe

ID hlášení: 36a5e01a-bd8e-11e2-9821-1c6f6582f82d

Error: (05/12/2013 07:08:40 PM) (Source: Windows Backup) (User: )
Description: Zálohování nebylo úspěšné. Chyba: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048).


System errors:
=============
Error: (06/03/2013 04:12:13 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 04:12:13 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (06/03/2013 04:12:13 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/03/2013 04:12:13 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/03/2013 04:09:40 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
AFD
CSC
DfsC
discache
MpFilter
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
sptd
tdx
Wanarpv6
WfpLwf
ws2ifsl

Error: (06/03/2013 04:09:40 PM) (Source: Service Control Manager) (User: )
Description: Služba Sledování umístění v síti (NLA) závisí na službě Služba rozhraní síťového úložiště, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 04:09:40 PM) (Source: Service Control Manager) (User: )
Description: Služba Síťová připojení závisí na službě Služba rozhraní síťového úložiště, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 04:09:40 PM) (Source: Service Control Manager) (User: )
Description: Služba Mini-přesměrovač SMB 2.0 závisí na službě Obálka a jádro minipřesměrovačů SMB, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 04:09:40 PM) (Source: Service Control Manager) (User: )
Description: Služba Mini-přesměrovač SMB 1.x závisí na službě Obálka a jádro minipřesměrovačů SMB, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 04:09:40 PM) (Source: Service Control Manager) (User: )
Description: Služba Obálka a jádro minipřesměrovačů SMB závisí na službě Podsystém přesměrovaného ukládání do vyrovnávací paměti, která neuspěla při spuštění v důsledku následující chyby:
%%31


Microsoft Office Sessions:
=========================
Error: (06/02/2013 07:07:28 PM) (Source: Windows Backup)(User: )
Description: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048)

Error: (05/28/2013 11:21:37 PM) (Source: Application Error)(User: )
Description: firefox.exe21.0.0.4879518ec3ccxul.dll21.0.0.4879518ec306c0000005001c978912a001ce5b702afd96d0C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll93c70378-c7dc-11e2-8170-1c6f6582f82d

Error: (05/28/2013 07:03:32 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c0000005000000f0139401ce5ba8d5881a1dC:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEunknown864310df-c7b8-11e2-8170-1c6f6582f82d

Error: (05/26/2013 07:10:07 PM) (Source: Windows Backup)(User: )
Description: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048)

Error: (05/23/2013 07:13:53 PM) (Source: Application Error)(User: )
Description: plugin-container.exe21.0.0.4879518ec367ntdll.dll6.1.7601.177254ec49b8fc0000374000ce6c313b801ce57d8ab64d3bdC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\ntdll.dll246d238d-c3cc-11e2-856b-1c6f6582f82d

Error: (05/21/2013 10:14:23 PM) (Source: Application Error)(User: )
Description: TotalMedia.exe3.5.35.3184ae4f803uDirector.dll1.0.0.648df25bfc000000500003da3134801ce56331925f8b9C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exeC:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uDirector.dll06d6ff11-c253-11e2-98a4-1c6f6582f82d

Error: (05/19/2013 07:08:06 PM) (Source: Windows Backup)(User: )
Description: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048)

Error: (05/17/2013 00:08:07 AM) (Source: Application Hang)(User: )
Description: TotalMedia.exe3.5.35.318ca001ce526b385846c736C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe142f1bdf-be75-11e2-8385-1c6f6582f82d

Error: (05/15/2013 08:35:33 PM) (Source: Application Hang)(User: )
Description: TotalMedia.exe3.5.35.3185c001ce519070b59da548C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe36a5e01a-bd8e-11e2-9821-1c6f6582f82d

Error: (05/12/2013 07:08:40 PM) (Source: Windows Backup)(User: )
Description: V umístění úložiště pro zálohování není dostatek místa pro zálohování dat. (0x80780048)


CodeIntegrity Errors:
===================================
Date: 2013-06-01 22:44:00.579
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-01 22:44:00.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4093.55 MB
Available physical RAM: 3474.83 MB
Total Pagefile: 8185.29 MB
Available Pagefile: 7590.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:35.35 GB) NTFS (Disk=0 Partition=2)
Drive d: (Nový svazek) (Fixed) (Total:931.51 GB) (Free:13.84 GB) NTFS (Disk=1 Partition=1)
Drive f: () (Removable) (Total:0.47 GB) (Free:0.46 GB) FAT32 (Disk=6 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BB9AD64E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: E5B6C2C2)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 490 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=490 MB) - (Type=0B)

==================== End Of Log ============================


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02
Ran by Giga (administrator) on 03-06-2013 16:14:26
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [OEXPRESS] [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Remote Control.lnk
ShortcutTarget: Remote Control.lnk -> C:\Program Files (x86)\WinFast\Dongle Mini\Dongle Mini Device Utilities\RTLRCtl.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://findgala.com/?&uid=8050&q={searchTerms}
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... earchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={572C ... 2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
BHO-x32: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\program files (x86)\google\googletoolbar.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
Toolbar: HKLM-x32 - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\program files (x86)\google\googletoolbar.dll (Google Inc.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default
FF SelectedSearchEngine: Seznam
FF Homepage: hxxp://www.seznam.cz/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WebTran - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF Extension: FireShot - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: Bigpoint Games PL Community Toolbar - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{5c81f57f-3cf7-4785-b4ef-11ace31aec4f}
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF Extension: antigameorigin - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\antigameorigin@antigame.de.xpi
FF Extension: betterflickr - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\betterflickr@ginatrapani.org.xpi
FF Extension: translator - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\translator@zoli.bod.xpi
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{71bfcce7-421d-4042-95d4-a585a821cbca}.xpi
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Giga\AppData\Roaming\Mozilla\Firefox\Profiles\rk9s4zw7.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={572C8199-126E-4455-A78D-D6C6DF535131}&mid=3ac1bea39bc047d0a4dbcd26236611de-4b066675198d72ab24239a5ac3e9a8fa75262db3&lang=cs&ds=bm012&pr=sa&d=2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={572C8199-126E-4455-A78D-D6C6DF535131}&mid=3ac1bea39bc047d0a4dbcd26236611de-4b066675198d72ab24239a5ac3e9a8fa75262db3&lang=cs&ds=bm012&pr=sa&d=2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={572C8199-126E-4455-A78D-D6C6DF535131}&mid=3ac1bea39bc047d0a4dbcd26236611de-4b066675198d72ab24239a5ac3e9a8fa75262db3&lang=cs&ds=bm012&pr=sa&d=2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=hp","hxxp://isearch.avg.com/?cid={572C8199-126E-4455-A78D-D6C6DF535131}&mid=3ac1bea39bc047d0a4dbcd26236611de-4b066675198d72ab24239a5ac3e9a8fa75262db3&lang=cs&ds=bm012&pr=sa&d=2012-05-27 12:52:32&v=14.2.0.1&pid=avg&sg=&sap=hp"]},"spdy":{"servers":["lh5.googleusercontent.com:443","ssl.gstatic.com:443","support.google.com:443","fonts.googleapis.com:443","accounts.google.com:443","plusone.google.com:443","googleads.g.doubleclick.net:443","ssl.google-analytics.com:443","toolbarqueries.google.com:443","clients2.google.com:443","clients4.google.com:443","plus.google.com:443","themes.googleusercontent.com:443","www.google.com:443","apis.google.com:443","ajax.googleapis.com:443","dl-ssl.google.com:443"]},"sync":{"acknowledged_types":["Bookmarks","Preferences","Passwords","Autofill Profiles","Autofill","Themes","Typed URLs","Extensions","Encryption keys","Search Engines","Sessions","Apps"],"app_notifications":true,"app_settings":true,"apps":true,"autofill":true,"autofill_profile":true,"bookmarks":true,"dictionary":true,"encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAmR9NjCF4mEOe7OACjXxaiwAAAAACAAAAAAAQZgAAAAEAACAAAAD6gXzUj4qvhcayiV92XjLMOKgD88OfJ/Nq5Qi4D8atnQAAAAAOgAAAAAIAACAAAAAxT76uZyDeTAzRygUDVhFUu03xLsESJ5ja/WC+h6axb0AAAAAGLxoxc7QmNOEdyFuaccJ8F86QVTQERMUreF60/EfOyvj9ZdykCP1tt2CVxy2f1CUtsE0KIzvJmuloMuHKHDSMQAAAAEcrEFJ8Ckom4fJmUxdwPWoe6ZkKreNHLcRJGiMLyf7+eof4khNqdXhcwyf3kp/L7GIiQ73MspmuUKEPc4Y/uAQ=","extension_settings":true,"extensions":true,"has_setup_completed":true,"keep_everything_synced":true,"keystore_encryption_bootstrap_token":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA9v6Q4Y+loEmAEj0c+ls71QAAAAACAAAAAAAQZgAAAAEAACAAAADdvC89SJSVPE5fH888BtM8bRUcZNnbzIyfwrt8Y2YUeAAAAAAOgAAAAAIAACAAAACR/3uVt5coLGy72BMF/KdRJxebNLIlFm85UOEwpUjyeFAAAACRxBT6OBjlPq4zGFce160kiUmN/WFybgSgorvnnWnfEop/EKirsGCT5kArWsf7HT1hLfD2wySsU/hj1gwMu172rSBh4YcyHpNsv5uV6PennUAAAACcKSeuECxO56/NNukaQDK05jWZqIC+/WDlgUxwQvJfdFv4xgflbOmQF4Ik/4uHmsLLvGe3xoaMCZqcoHBYq+aX","last_synced_time":"13010513905685765","passwords":true,"preferences":true,"search_engines":true,"session_sync_guid":"session_syncdmn86FYZI8q781UXFWp2Fw==","sessions":true,"suppress_start":false,"themes":true,"typed_urls":true,"using_oauth":false},"sync_promo":{"user_skipped":true},"tabs":{"use_compact_navigation_bar":false,"use_vertical_tabs":false},"translate_accepted_count":{"en":17,"pl":1,"ru":2},"translate_denied_count":{"en":0,"pl":0,"ru"
CHR Extension: (YouTube) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0
CHR Extension: (Gmail) - C:\Users\Giga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2011-01-26] (Advanced Micro Devices, Inc.)
S2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
S2 AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [168448 2011-01-06] (AVerMedia TECHNOLOGIES, Inc.)
S2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247096 2011-02-28] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 AVerAF35; C:\Windows\System32\Drivers\AVerAF35.sys [677632 2010-03-16] (AVerMedia TECHNOLOGIES, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-20] (AVG Technologies)
S3 ComproHID; C:\Windows\System32\DRIVERS\ComproHID64.sys [9088 2008-02-27] (Compro Tech., Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 RTL2831UBDA; C:\Windows\System32\drivers\RTL2831UBDA.sys [116000 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2831UUSB; C:\Windows\System32\Drivers\RTL2831UUSB.sys [39968 2009-08-28] (REALTEK SEMICONDUCTOR Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-03-07] (Duplex Secure Ltd.)
S3 ULCDRHlp; C:\Windows\SysWow64\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\Afc.sys 6CCD1135320109D6B219F1A6E04AD9F6
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys DCC8177244FE79C61C4E73C65E63922A
C:\Windows\System32\DRIVERS\atikmpag.sys 7FE67D107329DC2CF89136A8E19BCEB7
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 4BF5BCA6E2608CD8A00BC4A6673A9F47
C:\Windows\System32\Drivers\AVerAF35.sys D37F00A992A9E099B7A4136FD55B9180
C:\Windows\system32\drivers\avgtpx64.sys 3B5657B6C11CDA87F664DD6F7DD0702D
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ComproHID64.sys 3207B43EB71C5D6F29C77F909EE744F4
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys F8A10560B35C66F9DE212F03DAD5BFA7
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 162100E0BC8377710F9D170631921C03
C:\Windows\System32\drivers\ccdcmbx64.sys 907B5E1E4A592E5EDC5E4CCBDE4863C2
C:\Windows\System32\drivers\ccdcmbox64.sys 41C1AC1F3613435EB32D67BCB80A5FA5
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 285ACEC1B13A15BA520AAE06BACB9CFF
C:\Windows\System32\DRIVERS\nusb3xhc.sys F6D625FF7B56BB6EA063F0D3A5BBC996
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTL2831UBDA.sys 38BC2EA9A3F77372AE1AE1A022AE1826
C:\Windows\System32\Drivers\RTL2831UUSB.sys 6D33D376247D88AD0CAAEC40AC2E44D0
C:\Windows\System32\drivers\RTL2832UBDA.sys 50D95CF71DAB5367246C3479E96EAF47
C:\Windows\System32\Drivers\RTL2832UUSB.sys 7BA2B2447BD7A2931DDDABA534717348
C:\Windows\System32\DRIVERS\Rt64win7.sys ABCB5A38A0D85BDF69B7877E1AD1EED5
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys 4B3F898DC1378CED2F35D04E5B0CE0DF
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\SysWow64\Drivers\ULCDRHlp.sys A4E07DA3AE2078BD96E84D4BAA07B71D
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys 4E93C8496359E97830C75AC36393654D
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbser.sys 4ACEE387FA8FD39F83564FCD2FC234F2
C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys 8844CB19A37B65E27049D4A7786726A9
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-02 19:27 - 2013-04-04 09:55 - 00377856 ____A C:\Users\Giga\Desktop\gmer.exe
2013-06-02 19:02 - 2013-06-02 18:57 - 00688992 ____R (Swearware) C:\Users\Giga\Desktop\dds.exe
2013-06-02 18:42 - 2013-06-02 18:44 - 00000000 ____D C:\Users\Giga\Desktop\RK_Quarantine
2013-06-02 18:42 - 2013-06-02 18:29 - 00816128 ____A C:\Users\Giga\Desktop\RogueKiller.exe
2013-06-02 18:25 - 2013-06-02 18:32 - 00000000 ____D C:\ComboFix
2013-06-01 23:03 - 2013-06-01 23:03 - 00000000 ____D C:\Users\Giga\Documents\ArcSoft ToGo
2013-06-01 22:45 - 2013-06-02 19:30 - 00002080 ____A C:\Windows\PFRO.log
2013-06-01 22:40 - 2013-06-02 19:39 - 00000000 ____D C:\Qoobox
2013-06-01 22:40 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-01 22:40 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-01 22:40 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-01 22:40 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-01 22:40 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-01 22:40 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-01 22:40 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-01 22:40 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-01 22:39 - 2013-06-01 22:48 - 00000000 ____D C:\Windows\erdnt
2013-06-01 22:39 - 2013-06-01 22:34 - 05076199 ____R (Swearware) C:\Users\Giga\Desktop\ComboFix.exe
2013-06-01 22:00 - 2013-06-01 21:52 - 04745728 ____A (AVAST Software) C:\Users\Giga\Desktop\aswMBR.exe
2013-06-01 21:22 - 2013-06-01 21:22 - 00000512 ____A C:\PhysicalMBR.bin
2013-06-01 20:56 - 2013-06-01 20:50 - 00602112 ____A (OldTimer Tools) C:\Users\Giga\Desktop\OTL.exe
2013-06-01 20:05 - 2013-06-01 20:05 - 00000000 ____D C:\rsit
2013-06-01 20:05 - 2013-06-01 20:05 - 00000000 ____D C:\Program Files\trend micro
2013-06-01 19:27 - 2013-06-01 19:27 - 00000000 ____D C:\FRST
2013-05-31 14:14 - 2013-05-31 14:30 - 00000000 ____D C:\Users\Giga\Desktop\2013_igrzyska_atletyczne
2013-05-28 18:09 - 2013-05-28 18:29 - 00000000 ____D C:\Users\Giga\Desktop\zahrada
2013-05-25 19:24 - 2013-05-25 19:24 - 00001194 ____A C:\Users\Giga\Desktop\Odkazy aplikace Windows Media Center.lnk
2013-05-25 19:24 - 2013-05-25 19:24 - 00000000 ____D C:\Users\Public\Documents\Odkazy aplikace Windows Media Center
2013-05-25 11:57 - 2011-03-03 10:29 - 00000000 ____D C:\Users\Giga\Desktop\AP6
2013-05-25 09:51 - 2013-05-25 09:51 - 00002118 ____A C:\Users\Giga\Desktop\Minecraft.lnk
2013-05-25 09:51 - 2013-05-25 09:51 - 00000000 ____D C:\Users\Giga\AppData\Roaming\.minecraft
2013-05-25 09:18 - 2013-05-25 20:11 - 00000000 ____D C:\Users\Giga\Desktop\hry
2013-05-20 20:08 - 2013-05-20 20:08 - 00003716 ____A C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-15 16:38 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 16:38 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 16:38 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 16:38 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 16:37 - 2013-04-05 03:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 16:37 - 2013-04-05 03:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 16:37 - 2013-04-05 03:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 16:37 - 2013-04-05 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 16:37 - 2013-04-05 02:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 16:37 - 2013-04-05 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 16:37 - 2013-04-05 02:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 16:37 - 2013-04-05 02:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 16:37 - 2013-04-05 02:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 16:37 - 2013-04-05 02:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 16:37 - 2013-04-05 02:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 16:37 - 2013-04-05 02:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 16:37 - 2013-04-05 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 16:37 - 2013-04-05 02:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 16:37 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 16:37 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 16:37 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 16:37 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 16:37 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 16:37 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 16:37 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 16:37 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 16:37 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 16:37 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 16:37 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 16:37 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 16:37 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 16:37 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 15:55 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 15:55 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 15:55 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 15:55 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 15:55 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 15:55 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 15:55 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 15:55 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 15:55 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 15:55 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 15:55 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 15:54 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 15:54 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 15:54 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

==================== One Month Modified Files and Folders =======

2013-06-03 16:08 - 2011-03-07 14:48 - 00000000 ____D C:\Users\Giga\AppData\Roaming\Skype
2013-06-03 16:07 - 2013-01-30 04:54 - 00024211 ____A C:\Windows\setupact.log
2013-06-03 16:07 - 2011-06-29 04:23 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-03 16:07 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 20:50 - 2011-03-07 13:54 - 01201750 ____A C:\Windows\WindowsUpdate.log
2013-06-02 20:26 - 2012-05-24 20:31 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-02 20:10 - 2011-06-29 04:23 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-02 19:58 - 2009-07-14 06:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 19:58 - 2009-07-14 06:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 19:39 - 2013-06-01 22:40 - 00000000 ____D C:\Qoobox
2013-06-02 19:30 - 2013-06-01 22:45 - 00002080 ____A C:\Windows\PFRO.log
2013-06-02 19:01 - 2011-08-14 21:12 - 00000264 ____A C:\Windows\Tasks\RMSchedule.job
2013-06-02 18:57 - 2013-06-02 19:02 - 00688992 ____R (Swearware) C:\Users\Giga\Desktop\dds.exe
2013-06-02 18:44 - 2013-06-02 18:42 - 00000000 ____D C:\Users\Giga\Desktop\RK_Quarantine
2013-06-02 18:32 - 2013-06-02 18:25 - 00000000 ____D C:\ComboFix
2013-06-02 18:31 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini
2013-06-02 18:29 - 2013-06-02 18:42 - 00816128 ____A C:\Users\Giga\Desktop\RogueKiller.exe
2013-06-02 18:28 - 2011-06-08 18:10 - 00692692 ____A C:\Windows\System32\perfh015.dat
2013-06-02 18:28 - 2011-06-08 18:10 - 00135746 ____A C:\Windows\System32\perfc015.dat
2013-06-02 18:28 - 2011-06-08 18:02 - 00678924 ____A C:\Windows\System32\perfh019.dat
2013-06-02 18:28 - 2011-06-08 18:02 - 00133422 ____A C:\Windows\System32\perfc019.dat
2013-06-02 18:28 - 2011-06-08 17:45 - 00646802 ____A C:\Windows\System32\perfh007.dat
2013-06-02 18:28 - 2011-06-08 17:45 - 00130446 ____A C:\Windows\System32\perfc007.dat
2013-06-02 18:28 - 2009-07-14 17:18 - 00634568 ____A C:\Windows\System32\perfh005.dat
2013-06-02 18:28 - 2009-07-14 17:18 - 00123158 ____A C:\Windows\System32\perfc005.dat
2013-06-02 18:28 - 2009-07-14 07:13 - 03893864 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-01 23:03 - 2013-06-01 23:03 - 00000000 ____D C:\Users\Giga\Documents\ArcSoft ToGo
2013-06-01 22:48 - 2013-06-01 22:39 - 00000000 ____D C:\Windows\erdnt
2013-06-01 22:44 - 2012-02-11 14:06 - 00000000 __SHD C:\ProgramData\529802
2013-06-01 22:34 - 2013-06-01 22:39 - 05076199 ____R (Swearware) C:\Users\Giga\Desktop\ComboFix.exe
2013-06-01 21:52 - 2013-06-01 22:00 - 04745728 ____A (AVAST Software) C:\Users\Giga\Desktop\aswMBR.exe
2013-06-01 21:22 - 2013-06-01 21:22 - 00000512 ____A C:\PhysicalMBR.bin
2013-06-01 20:50 - 2013-06-01 20:56 - 00602112 ____A (OldTimer Tools) C:\Users\Giga\Desktop\OTL.exe
2013-06-01 20:05 - 2013-06-01 20:05 - 00000000 ____D C:\rsit
2013-06-01 20:05 - 2013-06-01 20:05 - 00000000 ____D C:\Program Files\trend micro
2013-06-01 19:27 - 2013-06-01 19:27 - 00000000 ____D C:\FRST
2013-05-31 14:30 - 2013-05-31 14:14 - 00000000 ____D C:\Users\Giga\Desktop\2013_igrzyska_atletyczne
2013-05-30 19:17 - 2011-03-16 05:48 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for Giga.job
2013-05-28 23:21 - 2011-03-08 22:04 - 00000000 ____D C:\Users\Giga\Documents\gizbern
2013-05-28 18:29 - 2013-05-28 18:09 - 00000000 ____D C:\Users\Giga\Desktop\zahrada
2013-05-28 18:28 - 2013-01-19 18:49 - 00000000 ____D C:\Users\Giga\Desktop\tel
2013-05-28 07:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-27 15:50 - 2011-03-07 13:54 - 00000000 ____D C:\Users\Giga\AppData\Local\VirtualStore
2013-05-26 06:23 - 2009-07-14 07:08 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-25 20:12 - 2011-03-11 20:29 - 00188416 __ASH C:\Users\Giga\Documents\Thumbs.db
2013-05-25 20:11 - 2013-05-25 09:18 - 00000000 ____D C:\Users\Giga\Desktop\hry
2013-05-25 19:58 - 2012-09-09 07:29 - 00002005 ____A C:\Users\Public\Desktop\TotalMedia 3.5.lnk
2013-05-25 19:27 - 2011-03-07 18:01 - 00013384 ____A C:\Users\Giga\AppData\Roaming\AVSDVDPlayer.m3u
2013-05-25 19:24 - 2013-05-25 19:24 - 00001194 ____A C:\Users\Giga\Desktop\Odkazy aplikace Windows Media Center.lnk
2013-05-25 19:24 - 2013-05-25 19:24 - 00000000 ____D C:\Users\Public\Documents\Odkazy aplikace Windows Media Center
2013-05-25 19:24 - 2013-03-25 20:39 - 00084480 __ASH C:\Users\Giga\Desktop\Thumbs.db
2013-05-25 19:20 - 2011-10-14 22:41 - 00022528 ____A C:\Users\Giga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-25 13:11 - 2011-06-29 04:23 - 00002183 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-25 12:00 - 2011-03-07 14:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-25 11:59 - 2011-06-01 15:27 - 00000000 ____D C:\Program Files (x86)\AVerMedia
2013-05-25 11:52 - 2011-11-16 22:12 - 00000000 ____D C:\Users\Giga\Documents\dawid
2013-05-25 11:51 - 2011-09-01 07:08 - 00000000 ____D C:\Users\Giga\Desktop\nonstoptesty
2013-05-25 09:51 - 2013-05-25 09:51 - 00002118 ____A C:\Users\Giga\Desktop\Minecraft.lnk
2013-05-25 09:51 - 2013-05-25 09:51 - 00000000 ____D C:\Users\Giga\AppData\Roaming\.minecraft
2013-05-20 20:08 - 2013-05-20 20:08 - 00003716 ____A C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-05-20 20:08 - 2012-09-04 14:38 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-20 20:08 - 2012-05-27 12:52 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-05-18 08:11 - 2012-05-05 05:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-17 17:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-15 19:26 - 2012-05-24 20:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 19:26 - 2012-05-24 20:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 18:37 - 2009-07-14 06:45 - 00422056 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2013-05-15 18:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\sk-SK
2013-05-15 16:44 - 2009-07-14 04:34 - 00000681 ____A C:\Windows\win.ini
2013-05-15 16:41 - 2011-03-07 15:40 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-05 23:36 - 2013-05-15 16:38 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 23:16 - 2013-05-15 16:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 21:25 - 2013-05-15 16:38 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 21:12 - 2013-05-15 16:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Správce spouštění systému Windows
--------------------
identifikátor {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {b255857d-0a0d-11e0-bb1d-b7e02b5ce133}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Zaváděcí program pro spouštění systému Windows
-------------------
identifikátor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {b255857f-0a0d-11e0-bb1d-b7e02b5ce133}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {b255857d-0a0d-11e0-bb1d-b7e02b5ce133}
nx OptIn

Zaváděcí program pro spouštění systému Windows
-------------------
identifikátor {b255857f-0a0d-11e0-bb1d-b7e02b5ce133}
device ramdisk=[C:]\Recovery\b255857f-0a0d-11e0-bb1d-b7e02b5ce133\Winre.wim,{b2558580-0a0d-11e0-bb1d-b7e02b5ce133}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\b255857f-0a0d-11e0-bb1d-b7e02b5ce133\Winre.wim,{b2558580-0a0d-11e0-bb1d-b7e02b5ce133}
systemroot \windows
nx OptIn
winpe Yes

Obnovení z hibernace
---------------------
identifikátor {b255857d-0a0d-11e0-bb1d-b7e02b5ce133}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testování paměti systému Windows
---------------------
identifikátor {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagnostika paměti systému Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

Nastavení služby EMS
------------
identifikátor {emssettings}
bootems Yes

Nastavení ladicího programu
-----------------
identifikátor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Chyby paměti RAM
-----------
identifikátor {badmemory}

Globální nastavení
---------------
identifikátor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Nastavení spouštěcího zavaděče
--------------------
identifikátor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Nastavení hypervisoru
-------------------
identifikátor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Nastavení zavaděče obnovení
----------------------
identifikátor {resumeloadersettings}
inherit {globalsettings}

Parametry zařízení
--------------
identifikátor {b2558580-0a0d-11e0-bb1d-b7e02b5ce133}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\b255857f-0a0d-11e0-bb1d-b7e02b5ce133\boot.sdi



Last Boot: 2013-05-26 15:04

==================== End Of Log ============================

[tomastt]

myslím že je to OK

[tomastt]

OK Díky moc