Cannot install ESS6

wazzir
Visitor
Posts: 72
Registered: 25 Feb 2013 13:28

Cannot install ESS6

#1 Post by wazzir »

Hello, I have a problem installing ESET Smart Security 6. At first it told me it could not read some .msi file in C:\Windows\Installer\.., so I cleaned the registry and completely removed the previous version. But now during installation it says "The 'ESET Service' (ekrn) service could not be installed. Verify that you have sufficient privileges to install system services" - if I did not have those privileges, the installation would not get this far..
I am attaching the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:37:08, on 25.2.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Windows\system32\taskhost.exe
C:\Users\wazzir\Desktop\hijackthis.exe
C:\Windows\system32\taskeng.exe
C:\Users\wazzir\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=14672
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4283] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE601] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7236] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\chrome.pak"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1454] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2919] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\icudt.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5170] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6939] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\locales\en-US.pak"
O4 - HKLM\..\RunOnce: [SpybotDeletingE7240] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\Newtonsoft.Json.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE4949] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9187] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8364] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies-journal"
O4 - HKLM\..\RunOnce: [SpybotDeletingE132] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE3497] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2138] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingE1732] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9374] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE6416] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8442] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingE2622] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE8456] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingE9060] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk"
O4 - HKLM\..\RunOnce: [SpybotDeletingE5838] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\wazzir\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\RunOnce: [SpybotDeletingF4608] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1083] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7037] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\chrome.pak"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2414] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8442] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\icudt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9829] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7725] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\locales\en-US.pak"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2826] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\Newtonsoft.Json.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8947] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF7723] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1908] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies-journal"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2568] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8331] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF9900] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4065] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF6471] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF8352] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingF161] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingF1278] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2977] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingF2095] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingF4702] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk"
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\Run: [Facebook Update] "C:\Users\wazzir\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF4608] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF8442] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\icudt.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF9829] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF7725] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\locales\en-US.pak" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF2826] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\Newtonsoft.Json.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF8947] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF7723] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF1908] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies-journal" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF2568] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF8331] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF9900] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF4065] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF6471] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF8352] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF161] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF1278] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF2977] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll_old" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF2095] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook\Facebook Messenger.lnk" (User '?')
O4 - HKUS\S-1-5-21-2874122159-4245340976-1931379245-1000\..\RunOnce: [SpybotDeletingF4702] "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk" (User '?')
O4 - S-1-5-21-2874122159-4245340976-1931379245-1000 Startup: debug.log (User '?')
O4 - S-1-5-21-2874122159-4245340976-1931379245-1000 Startup: Facebook Messenger.lnk = wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (User '?')
O4 - Startup: debug.log
O4 - Startup: Facebook Messenger.lnk = wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Theme Resource Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - c:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Úložná technologie Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 21256 bytes
Last edited by cernohous13 on 25 Feb 2013 15:16, edited 1 time in total.
Reason: removed from [code] - do not use it

Re: Cannot install ESS6

#2 Post by wazzir »

And if possible, can you tell from this why my Security Center is not working? Down in the taskbar I have the message "Turn on the Windows Security Center service (Important)", but when I click it a dialog pops up saying "The Windows Security Center service cannot be started". I also tried turning it on in Services following various guides, setting the startup type to automatic with delayed start, etc. But it still will not start. Thanks in advance for your help :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot install ESS6

#3 Post by vyosek »

Hello :)

→ Uninstall Spybot - Search & Destroy - the program's best years are long behind it and for roughly the last 3 years it has not been able to cope with current threats

→ I see MBAM installed, have you run a scan??

→ Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895 - it is more detailed than HJT
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

Re: Cannot install ESS6

#4 Post by wazzir »

I let MBAM run a scan - it turned up 2 threats, so I had them deleted.. Is the log saved somewhere so that I could post it here? I tried installing it again and nothing popped up, except that just before the end of the installation, after the files were copied, it said the action was being rolled back. Now it starts when Windows boots, it is not listed in the registry, and it says:

Antivirus protection is disabled
A critical error occurred while starting real-time file system protection. The computer is not protected against threats. The program must be reinstalled!

When I try to reinstall it, it again tells me that the ekrn service cannot be stopped, and when I try to stop it in Task Manager, choosing to stop the service gives me "The operation could not be completed. The requested control is not valid for this service." and when I end the ekrn.exe process, it shuts down, starts again and loads the CPU to 50%.

RSIT will not run. I set: List files/folders created or modified in the last: 1 month, then Continue, and when Listing services and drivers comes up, a dialog appears: "Line -1: Error: Variable used without being declared."

Re: Cannot install ESS6

#5 Post by wazzir »

So I found the MBAM log, here it is.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Verze: v2013.02.25.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
wazzir :: WAZZIR-PC [administrátor]

Ochrana: Povolena

25.2.2013 22:46:07
mbam-log-2013-02-25 (22-46-07).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 213620
Uplynulý čas: 6 minut, 57 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Users\wazzir\AppData\Local\Temp\~nsu.tmp\Au_.exe (Riskware.KG) -> Přesun do karantény a smazání se zdařilo.
C:\Windows\KMSEmulator.exe (RiskWare.Tool.CK) -> Přesun do karantény a smazání se zdařilo.

(konec)

Re: Cannot install ESS6

#6 Post by vyosek »

Do you have a purchased licence for that ESS ??

Post a log from DDS http://forum.viry.cz/viewtopic.php?f=13&t=125171

Re: Cannot install ESS6

#7 Post by wazzir »

I do have a licence for ESS :) Here is the DDS log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by wazzir at 21:51:19 on 2013-02-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2975.1058 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=14672
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "c:\users\wazzir\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
StartupFolder: c:\users\wazzir\appdata\roaming\micros~1\windows\startm~1\programs\startup\facebo~1.lnk - c:\users\wazzir\appdata\local\facebook\messenger\2.1.4651.0\FacebookMessenger.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D}\3484144514D49425 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D}\7697D6465787 : DHCPNameServer = 192.168.1.250
TCP: Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D}\B657C647572716 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FEB18EF4-2D0D-459A-AC00-9CFC5807A22B} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
STS: CThemeResourceChangerObject Class - {F791A188-699D-4FD4-955A-EB59E89B1907} - c:\program files\theme resource changer\ThemeResourceChanger.dll
LSA: Notification Packages = scecli c:\program files\widcomm\bluetooth software\BtwProximityCP.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\wazzir\appdata\roaming\mozilla\firefox\profiles\l8y45beo.default-1357922519814\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/ig
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\wazzir\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-02-23 16:44; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\wazzir\appdata\roaming\mozilla\firefox\profiles\l8y45beo.default-1357922519814\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-9-11 530752]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-9-11 24896]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2009-2-3 63096]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2011-1-26 24680]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-6-23 87968]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-1-18 17920]
R2 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2012-9-21 7168]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek usb 2.0 card reader\RIconMan.exe [2012-12-4 1828496]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-11 682344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-11 398184]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-3-15 127488]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-23 21104]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-12-4 190976]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-12-4 585872]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2011-9-8 1117800]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-8-31 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-6-27 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-10-18 504360]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-10-18 33832]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-6-23 227896]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2012-12-31 13440]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-1-1 15576]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2013-1-1 10200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-27 14848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-6-27 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-6-27 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-6-27 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-6-27 114280]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-27 49664]
S3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-23 1343400]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\razer\razer game booster\driver\WinRing0.sys [2012-11-13 14416]
S4 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;d:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-8-31 743320]
.
=============== Created Last 30 ================
.
2013-02-26 11:45:22 -------- d-----w- c:\programdata\[Manufacturer]
2013-02-26 11:44:19 -------- d-----w- c:\users\wazzir\appdata\roaming\4GF.CZ
2013-02-26 10:22:24 -------- d-----w- c:\program files\trend micro
2013-02-26 08:15:44 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-25 22:46:41 -------- d-s---w- C:\ComboFix
2013-02-25 16:27:21 -------- d-----w- c:\program files\DVDVideoSoft
2013-02-25 16:27:21 -------- d-----w- c:\program files\common files\DVDVideoSoft
2013-02-25 11:22:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-02-24 21:33:38 -------- d-----w- c:\users\wazzir\appdata\local\Skyrim
2013-02-24 16:52:38 -------- d-----w- c:\users\wazzir\appdata\roaming\TechSmith
2013-02-24 10:36:20 -------- d-----w- c:\users\wazzir\appdata\local\Razer
2013-02-23 21:50:36 -------- d-----w- c:\program files\Theme Resource Changer
2013-02-23 21:49:23 44544 ----a-w- c:\windows\system32\Gif89.dll
2013-02-23 20:12:45 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-21 14:54:47 -------- d-----w- c:\program files\Audacity
2013-02-17 13:26:53 -------- d-----w- c:\users\wazzir\appdata\local\ds_lan
2013-02-14 20:38:20 720896 ----a-w- c:\windows\EAInstall.dll
2013-02-13 17:28:17 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 17:28:01 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 17:27:59 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 17:27:57 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 17:27:57 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 17:27:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 00:26:34 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-02-12 21:20:32 -------- d-----w- c:\users\wazzir\appdata\roaming\SYSTEMAX Software Development
2013-02-12 21:20:32 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2013-02-10 14:49:47 405360 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 21:04:25 -------- d-----w- c:\users\wazzir\appdata\roaming\Need for Speed World
2013-02-08 15:51:20 -------- d-----w- c:\users\wazzir\appdata\local\Electronic_Arts_Inc
2013-02-04 17:22:41 -------- d-----w- c:\program files\common files\reFX
2013-02-04 17:18:04 1332224 ----a-w- c:\windows\system32\SYNSOEMU.DLL
2013-02-04 16:07:20 -------- d-----w- c:\program files\ASIO4ALL v2
2013-02-04 16:00:20 1554944 ----a-w- c:\windows\system32\vorbis.acm
2013-02-03 19:08:47 -------- d-----w- c:\windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2013-02-01 11:08:24 -------- d-----w- c:\users\wazzir\appdata\roaming\Origin
2013-02-01 11:08:23 -------- d-----w- c:\program files\Origin Games
2013-02-01 11:08:19 -------- d-----w- c:\users\wazzir\appdata\local\Origin
2013-02-01 11:06:09 -------- d-----w- c:\programdata\Origin
2013-02-01 11:06:03 -------- d-----w- c:\program files\Origin
.
==================== Find3M ====================
.
2013-02-24 16:00:22 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-02-24 16:00:03 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-02-24 16:00:03 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-02-24 15:58:59 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-02-23 20:12:25 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-23 20:12:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-11 16:11:56 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-01-11 16:10:05 22328 ----a-w- c:\users\wazzir\appdata\roaming\PnkBstrK.sys
2013-01-11 16:09:27 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2013-01-10 08:25:20 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2013-01-08 22:11:21 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-25 13:00:19 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-14 15:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 21:53:23,87 ===============


S2 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe -> I don't know why this is there when the file no longer exists, and the folder isn't there any more either
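
A leftover service registration like the `ekrn` line above can be picked out of a DDS log mechanically. The Python below is an added example, not part of the original post and not code from DDS: it parses lines of the SERVICES / DRIVERS section and reports entries whose image file the log marks as unreadable. It assumes that `[?]` means the file could not be found and that the digit after `R`/`S` is the service start type; the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines taken from the SERVICES / DRIVERS section of the DDS log in this thread.
SAMPLE = r"""
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-11 682344]
S2 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2013-1-1 15576]
S4 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2012-8-31 743320]
"""

# Assumption: the digit is the service Start value (0..4) as stored in the registry.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# <R|S><start> <name>;<display name>;<image path> [<date> <size>]  or  [...] = [?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+)\s\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start: str
    image: str           # resolved path (the part after "-->" when present)
    file_missing: bool   # True when the log shows [?] instead of date and size
    size: Optional[int]


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Parse DDS service/driver lines; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # 'quoted ImagePath --> resolved path': keep the resolved path only.
        image = m["image"].split(" --> ")[-1].strip().strip('"')
        meta = m["meta"].strip()
        missing = meta == "?"
        size = None
        if not missing and meta:
            last = meta.split()[-1]
            size = int(last) if last.isdigit() else None
        entries.append(ServiceEntry(
            name=m["name"].strip(),
            display=m["display"].strip(),
            running=m["state"] == "R",
            start=START_TYPES[int(m["start"])],
            image=image,
            file_missing=missing,
            size=size,
        ))
    return entries


def orphaned_services(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services still registered although their image file is gone."""
    return [e for e in entries if e.file_missing]


def report(entries: List[ServiceEntry]) -> List[str]:
    """One line per orphaned registration, for pasting into a ticket."""
    return [
        f"{e.name} ({e.display}): start={e.start}, "
        f"running={e.running}, image missing: {e.image}"
        for e in orphaned_services(entries)
    ]


if __name__ == "__main__":
    for line in report(parse_dds_services(SAMPLE)):
        print(line)
```

An entry reported here is a service name that is still registered, which fits the installer's complaint that it cannot install the 'ESET Service' (ekrn) service.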

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot install ESS6

#8 Post by vyosek »

:arrow: What were you doing on there with ComboFix??

:arrow: In safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking) run these utilities over the PC so that we get rid of the leftovers of the antivirus products you have on there
:arrow: Try installing ESS
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.

wazzir
Visitor
Posts: 72
Registered: 25 Feb 2013 13:28

Re: Cannot install ESS6

#9 Post by wazzir »

I have had ComboFix on there for a long time; I had a problem with something earlier and needed a log..
I can't run it in safe mode. I have a laptop with a cracked display, so until I get a new one I have a monitor connected to it, which only comes on at the login screen.

So I removed ESS manually following this guide: http://www.viry.cz/forum/viewtopic.php?p=889437#p889437. I'm going to try installing it

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot install ESS6

#10 Post by vyosek »

:arrow: CF is not for routine use; besides, it is updated even several times a day and you need to know how to handle it

:arrow: The licence terms say it clearly: "It should never be used in an environment without supervision by an experienced person"

:arrow: Dangers of CF
  • It is intended primarily for advisers - by using it on your own initiative you lose your entitlement to support
  • It erases the traces of malware, so nothing shows up in the RSIT log
  • Its log needs to be deciphered, since it cannot delete everything - which you will hardly manage unless you are trained for it
  • CF can have a bug = it takes your system down; if you don't know where it stores what and how to restore it, your system is wrecked and a reinstall awaits you
  • Unfortunately, for now CF also does not check some important libraries (e.g. hal.dll) - those are deleted by some types of malware (e.g. angela) - it deletes your hal.dll after a restart = your system won't boot and you are back at the line above = reinstall
:arrow: Use the ESETUninstaller rather than manual deletion

wazzir
Visitor
Posts: 72
Registered: 25 Feb 2013 13:28

Re: Cannot install ESS6

#11 Post by wazzir »

I didn't use it because I felt like it. I was sorting something out on some forum and was told to use it.. And here I finally read how to delete it :) By the way, does the ESETUninstaller also work in normal mode, given that I can't run it in safe mode?

Otherwise, ESS installs, but at the end it rolls back again .. It doesn't show any error dialog; it just pops up that it is rolling back, and only part of the files stayed installed.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot install ESS6

#12 Post by vyosek »

Try it in normal mode, but I think it wants to be run in safe mode

wazzir
Visitor
Posts: 72
Registered: 25 Feb 2013 13:28

Re: Cannot install ESS6

#13 Post by wazzir »

Yes, it needs to be run in safe mode - but I can't get there.. Any other idea?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot install ESS6

#14 Post by vyosek »

:arrow: Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako spravce)
  • If you use a 64-bit OS, check whether the box next to "Pro 64 bitové OS" (for 64-bit OS) is ticked; if not, tick it
  • Tick the "Pro vsechny uzivatele" (for all users) box
  • Tick the 'Kontrola na havet "LOP"' (check for "LOP" malware) box
  • Tick the 'Kontrola na havet "Purity"' (check for "Purity" malware) box
  • Change the file age ("Stari souboru") from 30 days to 7 days
  • Paste the script below into the bottom box, "Vlastni skenovani/opravy" (custom scans/fixes)
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the "Prohledat" (scan) button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both of them here
  • If the logs are long (the forum will complain that the maximum number of characters has been exceeded), split them across several posts

wazzir
Visitor
Posts: 72
Registered: 25 Feb 2013 13:28

Re: Cannot install ESS6

#15 Post by wazzir »

OTL logfile created on: 28.2.2013 9:30:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\wazzir\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,91 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 41,65% Memory free
5,81 Gb Paging File | 4,03 Gb Available in Paging File | 69,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,69 Gb Total Space | 12,10 Gb Free Space | 23,86% Space Free | Partition Type: NTFS
Drive D: | 247,40 Gb Total Space | 28,74 Gb Free Space | 11,62% Space Free | Partition Type: NTFS

Computer Name: WAZZIR-PC | User Name: wazzir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.02.28 09:27:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\wazzir\Desktop\OTL.exe
PRC - [2013.02.27 20:12:21 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.09.25 11:05:20 | 000,247,728 | ---- | M] (Facebook) -- C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
PRC - [2012.09.07 21:06:24 | 001,828,496 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2012.08.21 16:09:06 | 005,995,152 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
PRC - [2012.08.17 03:37:50 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.04.17 16:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2012.04.01 11:22:20 | 000,786,208 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.01.18 14:03:12 | 000,017,920 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009.11.17 17:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013.02.27 20:12:21 | 003,067,288 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.02.14 06:15:45 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013.02.14 06:15:32 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.10 15:49:46 | 006,275,440 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2013.01.09 23:59:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013.01.09 23:58:30 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 23:58:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 23:58:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 23:58:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 23:57:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012.11.13 21:53:04 | 000,121,472 | ---- | M] () -- C:\Program Files\Razer\Razer Game Booster\GBV3ContextMenu.dll
MOD - [2012.09.25 11:05:32 | 022,423,984 | ---- | M] () -- C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll
MOD - [2012.09.25 11:05:08 | 000,181,680 | ---- | M] () -- C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll
MOD - [2012.09.25 11:05:00 | 000,286,640 | ---- | M] () -- C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll
MOD - [2010.11.13 03:37:03 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2013.02.27 20:12:21 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.02 21:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.09.07 21:06:24 | 001,828,496 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.08.17 03:37:50 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.06.23 12:32:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.04.01 11:22:20 | 000,786,208 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.01.04 20:57:00 | 000,419,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.18 14:03:12 | 000,017,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.11.17 17:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.15 09:06:12 | 002,233,400 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys -- (VSPerfDrv100)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\wazzir\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a52khd95)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.13 21:53:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012.08.29 17:47:56 | 000,190,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.20 15:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.08.20 15:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2012.08.17 03:33:28 | 000,530,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaStorA.sys -- (iaStorA)
DRV - [2012.08.17 03:33:24 | 000,024,896 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaStorF.sys -- (iaStorF)
DRV - [2012.06.27 09:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2012.06.27 09:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2012.06.27 09:37:56 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2012.06.27 09:37:56 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2012.06.27 09:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2012.06.23 21:57:55 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2012.06.23 21:39:47 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.06.23 20:48:24 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011.11.25 01:26:04 | 000,013,440 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)
DRV - [2011.09.08 00:46:56 | 001,117,800 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.01.26 18:28:20 | 000,024,680 | ---- | M] (CaptainFlint Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.03.15 07:44:48 | 000,127,488 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.09.16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.04.28 09:08:42 | 000,461,824 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2009.02.03 16:39:23 | 000,063,096 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a)
DRV - [2009.02.03 16:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2007.02.08 18:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02)
DRV - [2006.12.23 10:44:59 | 000,080,768 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2006.12.23 10:43:17 | 000,077,120 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2006.07.10 17:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
DRV - [2006.06.14 15:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2005.12.21 10:16:58 | 000,007,136 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\wazzir\Desktop
IE - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=14672
IE - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\..\SearchScopes\{73CC8476-1881-4E6C-9122-AB0139FEBFAF}: "URL" = http://websearch.ask.com/redirect?clien ... 2C22FB8134
IE - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.cz/ig"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.145.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\wazzir\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\wazzir\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.27 20:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.27 20:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2012.06.23 12:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Extensions
[2012.06.23 12:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2013.01.11 17:45:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions
[2013.01.11 17:45:23 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.06.23 12:19:11 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2012.06.23 12:19:11 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2012.06.23 12:19:11 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.06.23 12:19:12 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013.01.11 17:45:23 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\battlefieldheroespatcher@ea.com
[2012.06.23 12:19:10 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\info@djzig.com
[2013.02.23 16:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions
[2013.01.11 17:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\momhkwq7.default\extensions
[2013.01.11 17:45:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\momhkwq7.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.01.11 17:45:37 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\momhkwq7.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012.06.23 12:19:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\momhkwq7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.01.11 17:45:37 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\momhkwq7.default\extensions\battlefieldheroespatcher@ea.com
[2012.11.26 21:52:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.18 21:15:00 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.02.23 16:44:47 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013.02.14 15:53:44 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.27 12:11:21 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\l8y45beo.default-1357922519814\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.11.26 21:52:17 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\momhkwq7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.18 21:15:00 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\momhkwq7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.06.23 13:42:15 | 000,002,324 | ---- | M] () -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\searchplugins\askcom.xml
[2011.11.02 09:53:40 | 000,002,055 | ---- | M] () -- C:\Users\wazzir\AppData\Roaming\Mozilla\Firefox\Profiles\j3bxqh29.default\searchplugins\daemon-search.xml
[2013.02.27 20:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\WAZZIR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MH7WQ3JA.DEFAULT-1340535211364\EXTENSIONS\{1018E4D6-728F-4B20-AD56-37578A4DE76B}
File not found (No name found) -- C:\USERS\WAZZIR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MH7WQ3JA.DEFAULT-1340535211364\EXTENSIONS\{AB91EFD4-6975-4081-8552-1B3922ED79E2}
File not found (No name found) -- C:\USERS\WAZZIR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MH7WQ3JA.DEFAULT-1340535211364\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
File not found (No name found) -- C:\USERS\WAZZIR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MH7WQ3JA.DEFAULT-1340535211364\EXTENSIONS\BATTLEFIELDHEROESPATCHER@EA.COM
[2013.02.27 20:12:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.21 15:33:53 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013.02.27 20:12:20 | 000,002,421 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2013.02.27 20:12:20 | 000,000,851 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.02.27 20:12:20 | 000,001,580 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2013.02.27 20:12:20 | 000,000,867 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.02.27 20:12:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2013.02.25 13:05:42 | 000,444,895 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15278 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000..\Run: [Facebook Update] C:\Users\wazzir\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\wazzir\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2874122159-4245340976-1931379245-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8429620B-D013-41B1-93BB-4086B7872A6D}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEB18EF4-2D0D-459A-AC00-9CFC5807A22B}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Theme Resource Changer - C:\Program Files\Theme Resource Changer\ThemeResourceChanger.dll (Bad Ass Apps)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tsc2 - C:\Windows\System32\tsc2_codec32.dll (TechSmith Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.02.28 09:27:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\wazzir\Desktop\OTL.exe
[2013.02.27 22:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013.02.27 22:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.02.27 21:01:30 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.27 21:01:26 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.27 21:01:23 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.27 21:01:23 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 21:01:23 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 21:01:23 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 21:01:22 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 21:01:22 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 21:01:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 21:01:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 21:01:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 21:01:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 21:01:21 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.27 21:01:20 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.27 21:01:20 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.27 21:01:20 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.27 21:01:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.27 21:01:20 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.27 21:01:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.27 21:01:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.27 21:01:19 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.27 21:01:19 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.27 21:01:19 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.27 21:01:19 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.27 21:01:18 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.27 20:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.02.26 21:51:04 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\wazzir\Desktop\dds.exe
[2013.02.26 12:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4GF.CZ
[2013.02.26 12:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\[Manufacturer]
[2013.02.26 12:44:19 | 000,000,000 | ---D | C] -- C:\Users\wazzir\AppData\Roaming\4GF.CZ
[2013.02.26 11:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.02.26 11:22:23 | 000,000,000 | ---D | C] -- C:\rsit
[2013.02.26 09:15:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.25 23:46:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013.02.25 23:33:21 | 000,501,240 | ---- | C] (Facebook Inc.) -- C:\Users\wazzir\Desktop\FacebookMessengerSetup_v1.2.205.0.exe
[2013.02.25 17:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.02.25 17:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.02.25 17:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.02.25 13:08:38 | 000,000,000 | ---D | C] -- C:\Users\wazzir\Documents\ProcAlyzer Dumps
[2013.02.25 12:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.02.25 10:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013.02.24 22:33:38 | 000,000,000 | ---D | C] -- C:\Users\wazzir\AppData\Local\Skyrim
[2013.02.24 22:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911
[2013.02.24 17:52:38 | 000,000,000 | ---D | C] -- C:\Users\wazzir\AppData\Roaming\TechSmith
[2013.02.24 17:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2013.02.24 11:36:20 | 000,000,000 | ---D | C] -- C:\Users\wazzir\AppData\Local\Razer
[2013.02.24 11:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2013.02.24 11:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2013.02.24 11:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Razer
[2013.02.23 22:51:41 | 000,000,000 | ---D | C] -- C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Theme Resource Changer X86 v1.0
[2013.02.23 22:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Theme Resource Changer
[2013.02.23 21:13:24 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.23 21:12:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.23 21:12:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.23 21:12:45 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.23 21:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.02.21 15:54:47 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.02.28 09:33:20 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.02.28 09:27:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\wazzir\Desktop\OTL.exe
[2013.02.28 09:27:06 | 000,711,330 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2013.02.28 09:27:06 | 000,683,130 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.28 09:27:06 | 000,663,808 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.02.28 09:27:06 | 000,649,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.28 09:27:06 | 000,146,498 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2013.02.28 09:27:06 | 000,144,862 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.28 09:27:06 | 000,137,620 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.02.28 09:27:06 | 000,119,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.28 09:26:53 | 000,014,544 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 09:26:53 | 000,014,544 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 09:21:49 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.02.28 09:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.27 23:02:37 | 000,058,270 | ---- | M] () -- C:\Windows\System32\epfwdata.bin
[2013.02.27 22:27:34 | 000,001,152 | ---- | M] () -- C:\Users\wazzir\AppData\Local\share-rapid.nast
[2013.02.27 21:04:38 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.27 20:39:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2874122159-4245340976-1931379245-1000UA.job
[2013.02.27 18:39:21 | 000,009,910 | ---- | M] () -- C:\Users\wazzir\Documents\cc_20130227_183919.reg
[2013.02.26 21:51:08 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\wazzir\Desktop\dds.exe
[2013.02.26 14:56:01 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2013.02.26 12:45:22 | 000,000,710 | ---- | M] () -- C:\Users\Public\Desktop\4GF Game Client.lnk
[2013.02.26 11:22:13 | 000,781,909 | ---- | M] () -- C:\Users\wazzir\Desktop\RSIT.exe
[2013.02.25 23:39:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2874122159-4245340976-1931379245-1000Core.job
[2013.02.25 23:34:58 | 000,001,330 | ---- | M] () -- C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.02.25 23:33:25 | 000,501,240 | ---- | M] (Facebook Inc.) -- C:\Users\wazzir\Desktop\FacebookMessengerSetup_v1.2.205.0.exe
[2013.02.25 22:12:52 | 000,010,872 | ---- | M] () -- C:\Users\wazzir\Documents\Untitled.veg
[2013.02.25 17:27:32 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Uploader.lnk
[2013.02.25 13:05:42 | 000,444,895 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.02.25 13:02:19 | 000,002,384 | ---- | M] () -- C:\Windows\wininit.ini
[2013.02.25 11:52:07 | 000,000,131 | ---- | M] () -- C:\Windows\System32\_WKERNEL.SYL
[2013.02.25 11:51:51 | 000,024,858 | ---- | M] () -- C:\Users\wazzir\Documents\cc_20130225_115149.reg
[2013.02.25 11:51:31 | 000,676,742 | ---- | M] () -- C:\Users\wazzir\Documents\cc_20130225_115118.reg
[2013.02.25 11:21:00 | 003,934,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.25 10:22:31 | 000,009,224 | ---- | M] () -- C:\Users\wazzir\AppData\Local\share-rapid.err
[2013.02.24 22:33:24 | 000,001,261 | ---- | M] () -- C:\Users\wazzir\Desktop\Skyrim.lnk
[2013.02.24 17:34:57 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2013.02.24 17:31:33 | 000,000,901 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130225-130542.backup
[2013.02.24 17:00:22 | 000,139,832 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.02.24 17:00:03 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.02.24 16:58:59 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.02.24 11:35:53 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.02.23 22:49:23 | 000,044,544 | ---- | M] () -- C:\Windows\System32\Gif89.dll
[2013.02.23 21:12:34 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.02.23 21:12:27 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.02.23 21:12:27 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.02.23 21:12:26 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.02.23 21:12:25 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.02.23 21:12:25 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.02.21 15:55:08 | 000,000,977 | ---- | M] () -- C:\Users\wazzir\Desktop\Audacity.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.28 09:33:20 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.02.27 23:02:36 | 000,058,270 | ---- | C] () -- C:\Windows\System32\epfwdata.bin
[2013.02.27 21:04:38 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.02.27 18:39:20 | 000,009,910 | ---- | C] () -- C:\Users\wazzir\Documents\cc_20130227_183919.reg
[2013.02.26 12:45:22 | 000,000,710 | ---- | C] () -- C:\Users\Public\Desktop\4GF Game Client.lnk
[2013.02.26 11:22:02 | 000,781,909 | ---- | C] () -- C:\Users\wazzir\Desktop\RSIT.exe
[2013.02.25 23:34:58 | 000,001,330 | ---- | C] () -- C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013.02.25 22:12:52 | 000,010,872 | ---- | C] () -- C:\Users\wazzir\Documents\Untitled.veg
[2013.02.25 17:27:32 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Uploader.lnk
[2013.02.25 13:00:12 | 000,002,384 | ---- | C] () -- C:\Windows\wininit.ini
[2013.02.25 11:51:50 | 000,024,858 | ---- | C] () -- C:\Users\wazzir\Documents\cc_20130225_115149.reg
[2013.02.25 11:51:20 | 000,676,742 | ---- | C] () -- C:\Users\wazzir\Documents\cc_20130225_115118.reg
[2013.02.25 11:20:04 | 003,934,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.25 10:28:59 | 000,000,144 | ---- | C] () -- C:\Users\wazzir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\.lnk
[2013.02.24 22:33:24 | 000,001,261 | ---- | C] () -- C:\Users\wazzir\Desktop\Skyrim.lnk
[2013.02.24 17:34:56 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 8.lnk
[2013.02.24 11:58:16 | 000,000,874 | ---- | C] () -- C:\Users\wazzir\Desktop\Play Tower Bloxx Deluxe.lnk
[2013.02.24 11:58:13 | 000,001,336 | ---- | C] () -- C:\Users\wazzir\Desktop\Tiberium Wars.lnk
[2013.02.24 11:58:11 | 000,000,216 | ---- | C] () -- C:\Users\wazzir\Desktop\Arctic Combat.url
[2013.02.24 11:35:53 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013.02.23 22:49:23 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2013.02.21 15:55:08 | 000,000,989 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.02.21 15:55:08 | 000,000,977 | ---- | C] () -- C:\Users\wazzir\Desktop\Audacity.lnk
[2013.02.14 21:38:20 | 000,720,896 | ---- | C] () -- C:\Windows\EAInstall.dll
[2013.02.13 01:26:34 | 000,042,880 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2013.01.24 20:44:42 | 000,000,204 | ---- | C] () -- C:\Windows\System32\secustat.dat
[2013.01.24 06:38:58 | 000,000,025 | ---- | C] () -- C:\Windows\emcore.INI
[2013.01.01 18:52:24 | 002,872,000 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2013.01.01 18:52:23 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2013.01.01 18:52:19 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.12.25 22:36:40 | 000,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2012.12.25 22:36:40 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2012.12.25 16:09:57 | 000,053,248 | ---- | C] () -- C:\Windows\System32\SciDrvCoInst.dll
[2012.12.23 18:54:43 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-WAZZIR-PC-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2012.12.20 19:03:41 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.12.20 19:03:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.11.12 07:25:06 | 000,009,224 | ---- | C] () -- C:\Users\wazzir\AppData\Local\share-rapid.err
[2012.11.12 06:46:49 | 000,001,152 | ---- | C] () -- C:\Users\wazzir\AppData\Local\share-rapid.nast
[2012.09.22 16:28:17 | 002,250,024 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.09.21 22:10:03 | 000,334,357 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.09.15 20:20:44 | 000,000,885 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2012.09.01 20:13:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012.09.01 13:35:10 | 000,000,600 | ---- | C] () -- C:\Users\wazzir\AppData\Roaming\winscp.rnd
[2012.08.31 20:42:29 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2012.08.31 12:40:18 | 000,139,832 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.31 12:39:47 | 000,281,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.08.31 12:39:46 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.06.25 18:41:11 | 000,001,194 | ---- | C] () -- C:\Windows\eReg.dat
[2012.06.25 09:20:01 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012.06.23 20:05:19 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.06.23 20:02:55 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.06.23 14:48:57 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2012.06.23 14:48:55 | 000,711,330 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2012.06.23 14:48:55 | 000,146,498 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2012.06.23 14:48:55 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2012.06.23 14:27:23 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.06.23 14:27:21 | 000,683,130 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.06.23 14:27:21 | 000,144,862 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.06.23 14:27:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.06.23 12:19:41 | 011,542,528 | ---- | C] () -- C:\Users\wazzir\AppData\Roaming\Sandra.mdb
[2012.06.23 12:19:41 | 000,022,328 | ---- | C] () -- C:\Users\wazzir\AppData\Roaming\PnkBstrK.sys
[2012.06.23 12:19:41 | 000,000,132 | ---- | C] () -- C:\Users\wazzir\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2012.06.23 12:19:41 | 000,000,064 | ---- | C] () -- C:\Users\wazzir\AppData\Roaming\Sandra.ldb
[2012.06.23 12:16:32 | 000,028,496 | ---- | C] () -- C:\Users\wazzir\AppData\Local\srdownloader.err
[2012.06.23 12:16:32 | 000,010,752 | ---- | C] () -- C:\Users\wazzir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.23 12:16:32 | 000,007,597 | ---- | C] () -- C:\Users\wazzir\AppData\Local\Resmon.ResmonCfg
[2012.06.23 12:16:32 | 000,001,480 | ---- | C] () -- C:\Users\wazzir\AppData\Local\Adobe Uložit pro web 12.0 Prefs
[2012.06.23 12:16:32 | 000,001,136 | ---- | C] () -- C:\Users\wazzir\AppData\Local\srdownloader.nast
[2012.06.23 12:16:32 | 000,000,600 | ---- | C] () -- C:\Users\wazzir\AppData\Local\PUTTY.RND
[2012.06.23 12:04:37 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.10.13 10:59:42 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.10.13 10:59:40 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.10.13 10:59:40 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 14:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.02.27 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\.minecraft
[2012.06.23 12:17:28 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\4Front
[2013.02.26 12:44:19 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\4GF.CZ
[2012.06.23 12:17:28 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\ACD Systems
[2012.09.30 12:15:57 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Acoustica
[2012.06.23 12:17:42 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Allstar
[2012.10.25 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Ashampoo
[2013.02.21 16:24:50 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Audacity
[2012.06.23 12:17:43 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Awesomium
[2012.06.23 12:17:43 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\BitLord
[2013.01.25 16:10:27 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\BITS
[2013.02.22 12:47:48 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Canon
[2012.06.23 12:17:43 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.06.23 12:17:43 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\com.JSONpad
[2012.06.23 12:17:43 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2013.02.24 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\DAEMON Tools Lite
[2013.02.25 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\DVDVideoSoft
[2012.06.23 12:17:45 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.23 12:17:45 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\ESET
[2013.01.31 15:26:28 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\FileZilla
[2012.06.23 12:17:45 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Firefly Studios
[2012.06.23 12:17:46 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\fizzy
[2013.01.24 06:38:40 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\FlashgetSetup
[2012.12.22 14:44:32 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\GameRanger
[2012.11.03 15:45:27 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\HEXelon
[2012.10.22 20:29:58 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\hodinky
[2012.10.22 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\ICSharpCode
[2012.06.23 12:17:49 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\iExpert Software
[2012.08.31 13:48:54 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Image-Line
[2013.01.17 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\ImgBurn
[2012.06.23 12:17:50 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\IObit
[2012.06.23 12:17:50 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\LolClient
[2012.06.23 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\MAXON
[2012.06.23 12:19:14 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\muvee Technologies
[2013.02.08 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Need for Speed World
[2013.02.19 17:59:05 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Notepad++
[2012.10.22 17:24:10 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\NuGet
[2012.06.23 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Opera
[2013.02.01 12:09:27 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Origin
[2012.10.05 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Passware
[2012.06.23 12:19:14 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Prism
[2012.06.23 12:19:15 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Publish Providers
[2012.06.23 12:19:15 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\RotMG.Production
[2012.12.25 22:44:54 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Samsung
[2012.06.23 12:19:15 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\SFBot
[2012.06.23 12:19:15 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Sierra
[2012.06.23 12:19:17 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Simple Sudoku
[2013.02.25 17:46:38 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Sony
[2012.09.06 14:04:44 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Stardock
[2013.01.13 21:19:45 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Synthesia
[2012.09.30 12:16:15 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\SynthMaker
[2013.02.12 22:20:32 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\SYSTEMAX Software Development
[2012.06.23 12:19:39 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Systweak
[2012.06.23 12:19:39 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\TeamViewer
[2013.02.24 17:52:38 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\TechSmith
[2012.06.23 12:19:39 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Thinstall
[2012.06.23 12:19:39 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\TrueCrypt
[2012.06.23 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\TunkDesign Inc
[2012.11.10 17:12:30 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Tunngle
[2012.06.23 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\twinstar_launcher
[2012.06.23 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Ulozto File Manager
[2012.10.22 20:19:34 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Unime
[2012.06.23 12:19:40 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Unity
[2013.02.27 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\uTorrent
[2013.01.11 18:58:52 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\Wargaming.net
[2012.12.23 17:30:50 | 000,000,000 | ---D | M] -- C:\Users\wazzir\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 05:53:46 | 000,032,584 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.06.25 09:20:01 | 000,000,202 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
[2012.06.25 09:20:01 | 000,000,202 | ---- | C] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012.12.22 20:17:57 | 000,000,324 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForwazzir.job
[2013.01.01 17:00:50 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2874122159-4245340976-1931379245-1000Core.job
[2013.01.01 17:00:50 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2874122159-4245340976-1931379245-1000UA.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 13:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 09:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: HAL.DLL >
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010.11.20 13:29:53 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: SCECLI.DLL >
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2012.08.22 18:05:21 | 001,306,992 | ---- | M] (Microsoft Corporation) MD5=23790A44D9A6B67F8690C34D4F516446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
[2011.04.25 05:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2010.11.20 13:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2013.01.04 05:56:23 | 001,308,504 | ---- | M] (Microsoft Corporation) MD5=4A95845C5F33A4DDEB6AEF6367FB6520 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_b5becc06ddb98192\tcpip.sys
[2011.04.25 07:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2013.01.03 06:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\System32\drivers\tcpip.sys
[2013.01.03 06:05:20 | 001,293,672 | ---- | M] (Microsoft Corporation) MD5=7C0507D2391AF5933600CBCED799F277 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_b502eb9fc4c2a304\tcpip.sys
[2012.03.30 11:23:11 | 001,291,632 | ---- | M] (Microsoft Corporation) MD5=7FA2E0F8B072BD04B77B421480B6CC22 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_b52e5147c4a202d7\tcpip.sys
[2012.03.30 10:04:23 | 001,306,480 | ---- | M] (Microsoft Corporation) MD5=88FCDB9923EFECA207B3CEBD24407126 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_b583df0adde66104\tcpip.sys
[2012.08.22 18:16:54 | 001,292,144 | ---- | M] (Microsoft Corporation) MD5=A5EBB8F648000E88B7D9390B514976BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
[2012.10.03 17:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\erdnt\cache\tcpip.sys
[2012.10.03 17:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

< >

< %systemroot%*.* /U /s >
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\*.tmp files -> C:\Windows\inf\Intel Storage Counters\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0000\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0000\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0005\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0005\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0007\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0007\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0009\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0009\*.tmp -> ]
[1 C:\Windows\inf\Intel Storage Counters\0019\*.tmp files -> C:\Windows\inf\Intel Storage Counters\0019\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\18454cb4796c0b3f01111ee0a60a88a3\*.tmp files -> C:\Windows\SoftwareDistribution\Download\18454cb4796c0b3f01111ee0a60a88a3\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\259bb6aa319c59608b3c12e71bc501a1\*.tmp files -> C:\Windows\SoftwareDistribution\Download\259bb6aa319c59608b3c12e71bc501a1\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\51808a31b0a6039544c26f7508f8f9e2\*.tmp files -> C:\Windows\SoftwareDistribution\Download\51808a31b0a6039544c26f7508f8f9e2\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\82eb6d37e798f3586a2815e0c4f2d2c1\*.tmp files -> C:\Windows\SoftwareDistribution\Download\82eb6d37e798f3586a2815e0c4f2d2c1\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\b812f0f9c2021be647c5b4e43e856606\*.tmp files -> C:\Windows\SoftwareDistribution\Download\b812f0f9c2021be647c5b4e43e856606\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\e2239686155a07c6475a3be1f44f5c7d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\e2239686155a07c6475a3be1f44f5c7d\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2004.06.12 00:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
