Windows Update not working, please check.

Posted: 25 Jun 2014 18:11
by Arm0r!
Log from RSIT:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Arm0r! at 2014-06-25 19:08:39
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 31 GB (31%) free of 100 GB
Total RAM: 8129 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:08:41, on 25.6.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\trend micro\Arm0r!.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7282 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1780
C:\Windows\system32\SearchIndexer.exe /Embedding
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
taskeng.exe {2657475C-37DC-4878-AC44-C993600C1FF4}
C:\Windows\system32\AUDIODG.EXE 0x4b4
"taskhost.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Arm0r!\Desktop\anti\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Arm0r!\AppData\Roaming\Mozilla\Firefox\Profiles\1ssrpuzp.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.125 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.4.0]
"Description"=
"Path"=C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.125 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-03 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-08-12 2916584]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-09 13672152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"=C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe [2012-03-20 3340288]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
C:\PROGRA~1\GAMEPA~1\gpcl.exe [2011-07-29 442880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Arm0r!^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
C:\Users\Arm0r!\AppData\Local\GAMERS~1\LIVE!\Live.exe [2013-06-25 2878504]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-09-16 134616]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2013-04-26 292848]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [2014-04-17 767200]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\prwntdrv]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.RTV1"=rtvcvfw64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-06-25 19:08:39 ----D---- C:\rsit
2014-06-25 19:08:39 ----D---- C:\Program Files\trend micro
2014-06-25 16:20:22 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-25 16:10:20 ----D---- C:\Windows\SYSWOW64\Wat
2014-06-25 16:10:20 ----D---- C:\Windows\system32\Wat
2014-06-25 15:22:32 ----SHD---- C:\$RECYCLE.BIN
2014-06-25 15:21:39 ----D---- C:\Windows\temp
2014-06-25 14:33:16 ----D---- C:\Windows\system32\catroot2
2014-06-25 14:23:56 ----D---- C:\Windows\SoftwareDistribution
2014-06-25 14:18:53 ----D---- C:\Windows\SoftwareDistribution.bak
2014-06-25 13:58:43 ----D---- C:\Windows\system32\catroot2.old
2014-06-25 12:27:54 ----A---- C:\Windows\system32\wups2.dll
2014-06-25 12:27:54 ----A---- C:\Windows\system32\wucltux.dll
2014-06-25 12:27:54 ----A---- C:\Windows\system32\wuaueng.dll
2014-06-25 12:27:54 ----A---- C:\Windows\system32\wuauclt.exe
2014-06-25 12:27:50 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-06-25 12:27:50 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-06-25 12:27:50 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-06-25 12:27:50 ----A---- C:\Windows\system32\wups.dll
2014-06-25 12:27:50 ----A---- C:\Windows\system32\wudriver.dll
2014-06-25 12:27:50 ----A---- C:\Windows\system32\wuapi.dll
2014-06-25 12:27:46 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-06-25 12:27:46 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-06-25 12:27:46 ----A---- C:\Windows\system32\wuwebv.dll
2014-06-25 12:27:46 ----A---- C:\Windows\system32\wuapp.exe
2014-06-23 12:07:28 ----D---- C:\Users\Arm0r!\AppData\Roaming\Publish Providers
2014-06-22 16:14:20 ----D---- C:\Users\Arm0r!\AppData\Roaming\Warsow 1.5
2014-06-22 11:33:18 ----D---- C:\ProgramData\PC Tools
2014-06-22 11:33:18 ----AD---- C:\ProgramData\TEMP
2014-06-22 11:33:17 ----D---- C:\Users\Arm0r!\AppData\Roaming\Product_RM
2014-06-21 15:33:16 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-06-21 15:24:05 ----D---- C:\Program Files\HitmanPro
2014-06-21 15:23:33 ----D---- C:\ProgramData\HitmanPro
2014-06-21 14:37:26 ----D---- C:\Program Files (x86)\VideoLAN
2014-06-20 20:31:31 ----D---- C:\Program Files (x86)\ESET
2014-06-20 15:19:56 ----D---- C:\Program Files (x86)\CyberGamer
2014-06-20 15:05:48 ----D---- C:\ProgramData\Battle.net
2014-06-17 18:13:45 ----A---- C:\Windows\COD.INI
2014-06-13 21:42:38 ----A---- C:\Windows\SYSWOW64\unrar.dll
2014-06-13 21:42:38 ----A---- C:\Windows\system32\unrar64.dll
2014-06-13 21:42:36 ----D---- C:\Program Files (x86)\K-Lite Codec Pack
2014-06-13 08:05:00 ----A---- C:\Windows\SYSWOW64\icudt44.dll
2014-06-11 14:43:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-06-11 12:52:28 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-06-11 12:52:28 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-06-11 12:52:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-06-11 12:52:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-06-11 12:52:27 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-06-11 12:52:27 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-06-11 12:52:27 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-06-11 12:52:27 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-06-11 12:52:27 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 12:52:27 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-06-11 12:52:26 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-06-11 12:52:26 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-06-11 12:52:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-06-11 12:52:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-06-11 12:52:26 ----A---- C:\Windows\system32\urlmon.dll
2014-06-11 12:52:26 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 12:52:25 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-06-11 12:52:25 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-06-11 12:52:25 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-06-11 12:52:25 ----A---- C:\Windows\system32\msfeeds.dll
2014-06-11 12:52:25 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-06-11 12:52:25 ----A---- C:\Windows\system32\ie4uinit.exe
2014-06-11 12:52:25 ----A---- C:\Windows\system32\dxtmsft.dll
2014-06-11 12:52:24 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-06-11 12:52:24 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-06-11 12:52:24 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-06-11 12:52:24 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-06-11 12:52:24 ----A---- C:\Windows\system32\iesetup.dll
2014-06-11 12:52:24 ----A---- C:\Windows\system32\iertutil.dll
2014-06-11 12:52:23 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-06-11 12:52:23 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-06-11 12:52:23 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-06-11 12:52:23 ----A---- C:\Windows\system32\jsproxy.dll
2014-06-11 12:52:23 ----A---- C:\Windows\system32\ieui.dll
2014-06-11 12:52:23 ----A---- C:\Windows\system32\iernonce.dll
2014-06-11 12:52:23 ----A---- C:\Windows\system32\dxtrans.dll
2014-06-11 12:52:22 ----A---- C:\Windows\system32\vbscript.dll
2014-06-11 12:52:22 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-06-11 12:52:22 ----A---- C:\Windows\system32\mshtmled.dll
2014-06-11 12:52:22 ----A---- C:\Windows\system32\jscript9diag.dll
2014-06-11 12:52:22 ----A---- C:\Windows\system32\jscript9.dll
2014-06-11 12:52:22 ----A---- C:\Windows\system32\ieUnatt.exe
2014-06-11 12:52:22 ----A---- C:\Windows\system32\ieframe.dll
2014-06-11 12:52:21 ----A---- C:\Windows\system32\wininet.dll
2014-06-11 12:52:21 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 12:52:21 ----A---- C:\Windows\system32\msrating.dll
2014-06-11 12:52:21 ----A---- C:\Windows\system32\ieapfltr.dll
2014-06-11 12:52:20 ----A---- C:\Windows\system32\mshtml.dll
2014-06-11 12:52:08 ----A---- C:\Windows\SYSWOW64\usp10.dll
2014-06-11 12:52:08 ----A---- C:\Windows\system32\usp10.dll
2014-06-11 12:52:08 ----A---- C:\Windows\system32\msxml6.dll
2014-06-11 12:52:08 ----A---- C:\Windows\system32\msxml3.dll
2014-06-11 12:52:07 ----A---- C:\Windows\SYSWOW64\msxml6r.dll
2014-06-11 12:52:07 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2014-06-11 12:52:07 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-06-11 12:52:07 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-06-11 12:52:07 ----A---- C:\Windows\system32\msxml6r.dll
2014-06-11 12:52:07 ----A---- C:\Windows\system32\msxml3r.dll
2014-06-11 12:52:07 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-06-11 12:52:07 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-06-11 12:52:00 ----A---- C:\Windows\system32\aepdu.dll
2014-06-11 12:52:00 ----A---- C:\Windows\system32\aeinv.dll
2014-06-08 02:29:16 ----D---- C:\Users\Arm0r!\AppData\Roaming\VitySoft
2014-06-06 13:56:47 ----D---- C:\Program Files (x86)\RivaTuner Statistics Server
2014-06-06 13:52:47 ----D---- C:\Program Files (x86)\MSI Afterburner
2014-06-04 13:35:52 ----D---- C:\Users\Arm0r!\AppData\Roaming\FabFilter
2014-05-30 21:20:59 ----A---- C:\Windows\system32\RtNicProp64.dll
2014-05-30 21:20:59 ----A---- C:\Windows\system32\drivers\Rt64win7.sys
2014-05-30 20:53:12 ----D---- C:\Windows\SYSWOW64\RTCOM
2014-05-30 20:53:12 ----D---- C:\Program Files\Realtek
2014-05-30 20:52:50 ----A---- C:\Windows\system32\YamahaAE.dll
2014-05-30 20:52:50 ----A---- C:\Windows\system32\WavesGUILib64.dll
2014-05-30 20:52:50 ----A---- C:\Windows\system32\tossaeapo64.dll
2014-05-30 20:52:50 ----A---- C:\Windows\system32\toseaeapo64.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\tosasfapo64.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\tosade.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\tepeqapo64.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\tadefxapo264.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\tadefxapo.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\SStudio.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\SRSWOW64.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\SRSTSX64.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\SRSTSH64.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\SRSHP64.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\sltech64.dll
2014-05-30 20:52:49 ----A---- C:\Windows\system32\slprp64.dll
2014-05-30 20:52:48 ----A---- C:\Windows\SYSWOW64\SFCOM.dll
2014-05-30 20:52:48 ----A---- C:\Windows\system32\slcnt64.dll
2014-05-30 20:52:48 ----A---- C:\Windows\system32\sl3apo64.dll
2014-05-30 20:52:48 ----A---- C:\Windows\system32\SFSS_APO.dll
2014-05-30 20:52:48 ----A---- C:\Windows\system32\SFNHK64.dll
2014-05-30 20:52:48 ----A---- C:\Windows\system32\SFCOM64.dll
2014-05-30 20:52:48 ----A---- C:\Windows\system32\SFAPO64.dll
2014-05-30 20:52:48 ----A---- C:\Windows\system32\RtPgEx64.dll
2014-05-30 20:52:48 ----A---- C:\Windows\system32\drivers\rtvienna.dat
2014-05-30 20:52:47 ----A---- C:\Windows\system32\RtlCPAPI64.dll
2014-05-30 20:52:47 ----A---- C:\Windows\system32\RtkCoLDR64.dll
2014-05-30 20:52:47 ----A---- C:\Windows\system32\RtkCfg64.dll
2014-05-30 20:52:47 ----A---- C:\Windows\system32\RtkApi64.dll
2014-05-30 20:52:47 ----A---- C:\Windows\system32\RTEEP64A.dll
2014-05-30 20:52:47 ----A---- C:\Windows\system32\drivers\RTKVHD64.sys
2014-05-30 20:52:46 ----A---- C:\Windows\system32\RTEEL64A.dll
2014-05-30 20:52:46 ----A---- C:\Windows\system32\RTEEG64A.dll
2014-05-30 20:52:46 ----A---- C:\Windows\system32\RTEED64A.dll
2014-05-30 20:52:46 ----A---- C:\Windows\system32\RtDataProc64.dll
2014-05-30 20:52:46 ----A---- C:\Windows\system32\RTCOM64.dll
2014-05-30 20:52:46 ----A---- C:\Windows\system32\RP3DHT64.dll
2014-05-30 20:52:46 ----A---- C:\Windows\system32\RP3DAA64.dll
2014-05-30 20:52:46 ----A---- C:\Windows\system32\RltkAPO64.dll
2014-05-30 20:52:46 ----A---- C:\Windows\system32\drivers\RTAIODAT.DAT
2014-05-30 20:52:44 ----A---- C:\Windows\system32\RCoRes64.dat
2014-05-30 20:52:44 ----A---- C:\Windows\system32\RCoInstII64.dll
2014-05-30 20:52:44 ----A---- C:\Windows\system32\R4EEP64A.dll
2014-05-30 20:52:43 ----A---- C:\Windows\system32\R4EEL64A.dll
2014-05-30 20:52:43 ----A---- C:\Windows\system32\R4EEG64A.dll
2014-05-30 20:52:43 ----A---- C:\Windows\system32\R4EED64A.dll
2014-05-30 20:52:43 ----A---- C:\Windows\system32\R4EEA64A.dll
2014-05-30 20:52:43 ----A---- C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-05-30 20:52:43 ----A---- C:\Windows\system32\NAHIMICAPOlfx.dll
2014-05-30 20:52:43 ----A---- C:\Windows\system32\MISS_APO.dll
2014-05-30 20:52:43 ----A---- C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-05-30 20:52:42 ----A---- C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-05-30 20:52:42 ----A---- C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-05-30 20:52:42 ----A---- C:\Windows\system32\MaxxSpeechAPO64.dll
2014-05-30 20:52:42 ----A---- C:\Windows\system32\MaxxAudioVnN64.dll
2014-05-30 20:52:41 ----A---- C:\Windows\system32\MaxxAudioVnA64.dll
2014-05-30 20:52:41 ----A---- C:\Windows\system32\MaxxAudioRealtek64.dll
2014-05-30 20:52:40 ----A---- C:\Windows\SYSWOW64\MaxxAudioAPOShell.dll
2014-05-30 20:52:40 ----A---- C:\Windows\system32\MaxxAudioRealtek264.dll
2014-05-30 20:52:40 ----A---- C:\Windows\system32\MaxxAudioEQ64.dll
2014-05-30 20:52:40 ----A---- C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-05-30 20:52:40 ----A---- C:\Windows\system32\MaxxAudioAPO6064.dll
2014-05-30 20:52:40 ----A---- C:\Windows\system32\MaxxAudioAPO5064.dll
2014-05-30 20:52:40 ----A---- C:\Windows\system32\MaxxAudioAPO4064.dll
2014-05-30 20:52:40 ----A---- C:\Windows\system32\MaxxAudioAPO30.dll
2014-05-30 20:52:40 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2014-05-30 20:52:39 ----A---- C:\Windows\system32\KAAPORT64.dll
2014-05-30 20:52:39 ----A---- C:\Windows\system32\ICEsoundAPO64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\FMAPO64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSU2PREC64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSU2PLFX64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSU2PGFX64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSSymmetryDLL64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSNeoPCDLL64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSLimiterDLL64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSLFXAPO64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSGFXAPONS64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSGFXAPO64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-05-30 20:52:36 ----A---- C:\Windows\system32\DTSBoostDLL64.dll
2014-05-30 20:52:35 ----A---- C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-05-30 20:52:35 ----A---- C:\Windows\system32\DDPP64A.dll
2014-05-30 20:52:35 ----A---- C:\Windows\system32\DDPO64A.dll
2014-05-30 20:52:35 ----A---- C:\Windows\system32\DDPD64A.dll
2014-05-30 20:52:35 ----A---- C:\Windows\system32\DDPA64.dll
2014-05-30 20:52:35 ----A---- C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-05-30 20:52:34 ----A---- C:\Windows\system32\audioLibVc.dll
2014-05-30 20:52:34 ----A---- C:\Windows\system32\AERTAR64.dll
2014-05-30 20:52:34 ----A---- C:\Windows\system32\AERTAC64.dll
2014-05-30 20:52:34 ----A---- C:\Windows\system32\AcpiServiceVnA64.dll
2014-05-29 11:36:50 ----D---- C:\Program Files (x86)\Battlelog Web Plugins
2014-05-29 11:31:26 ----D---- C:\ProgramData\EA Logs
2014-05-29 11:31:26 ----D---- C:\ProgramData\EA Core
2014-05-29 02:15:20 ----D---- C:\Program Files (x86)\Origin Games
2014-05-29 02:14:52 ----D---- C:\Users\Arm0r!\AppData\Roaming\Origin
2014-05-29 02:14:08 ----D---- C:\ProgramData\Origin
2014-05-29 02:14:06 ----D---- C:\Program Files (x86)\Origin
2014-05-28 19:06:31 ----D---- C:\Users\Arm0r!\AppData\Roaming\Obsidium
2014-05-28 15:18:15 ----D---- C:\ProgramData\Media Center Programs
2014-05-28 15:18:13 ----A---- C:\Windows\system32\drivers\atksgt.sys
2014-05-28 15:18:12 ----A---- C:\Windows\system32\drivers\lirsgt.sys
2014-05-28 12:08:25 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-26 11:31:10 ----D---- C:\Program Files (x86)\IObit
2014-05-26 10:58:17 ----A---- C:\Windows\SYSWOW64\secustat.dat
2014-05-26 01:34:33 ----A---- C:\Windows\SYSWOW64\secushr.dat
2014-05-26 00:57:49 ----A---- C:\Windows\libem.INI

======List of files/folders modified in the last 1 month======

2014-06-25 19:08:39 ----RD---- C:\Program Files
2014-06-25 19:07:40 ----D---- C:\Users\Arm0r!\AppData\Roaming\Xfire
2014-06-25 18:48:57 ----D---- C:\Windows\rescache
2014-06-25 17:32:09 ----D---- C:\ProgramData
2014-06-25 17:31:56 ----D---- C:\Windows\system32\drivers
2014-06-25 17:15:44 ----D---- C:\Windows\system32\LogFiles
2014-06-25 16:41:21 ----D---- C:\Windows\system32\config
2014-06-25 16:23:19 ----D---- C:\Windows\System32
2014-06-25 16:23:19 ----D---- C:\Windows\inf
2014-06-25 16:23:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-06-25 16:20:22 ----RD---- C:\Program Files (x86)
2014-06-25 16:18:56 ----D---- C:\Windows
2014-06-25 16:10:37 ----D---- C:\Windows\system32\catroot
2014-06-25 16:10:30 ----D---- C:\Windows\SysWOW64
2014-06-25 16:10:30 ----A---- C:\Windows\SYSWOW64\slwga.dll
2014-06-25 16:10:30 ----A---- C:\Windows\system32\systemcpl.dll
2014-06-25 16:10:30 ----A---- C:\Windows\system32\slwga.dll
2014-06-25 16:10:29 ----A---- C:\Windows\system32\user32.dll
2014-06-25 16:10:28 ----A---- C:\Windows\SYSWOW64\user32.dll
2014-06-25 16:10:26 ----D---- C:\Windows\winsxs
2014-06-25 15:25:48 ----SHD---- C:\System Volume Information
2014-06-25 15:22:15 ----D---- C:\Windows\erdnt
2014-06-25 15:20:41 ----A---- C:\Windows\system.ini
2014-06-25 15:20:36 ----D---- C:\Windows\system32\drivers\etc
2014-06-25 15:18:59 ----D---- C:\Windows\SYSWOW64\drivers
2014-06-25 15:18:59 ----D---- C:\Windows\AppPatch
2014-06-25 15:18:58 ----D---- C:\Program Files (x86)\Common Files
2014-06-25 14:42:16 ----D---- C:\Windows\Prefetch
2014-06-25 14:39:08 ----SHD---- C:\Windows\Installer
2014-06-25 14:05:05 ----D---- C:\Windows\SoftwareDistribution.old
2014-06-25 13:17:06 ----D---- C:\Windows\system32\catroot2.bak
2014-06-25 13:00:36 ----D---- C:\Users\Arm0r!\AppData\Roaming\HLSW
2014-06-25 12:45:27 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-06-25 12:34:04 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-06-25 12:34:04 ----D---- C:\Windows\system32\cs-CZ
2014-06-24 15:14:19 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2014-06-24 12:29:26 ----D---- C:\Users\Arm0r!\AppData\Roaming\Skype
2014-06-23 20:39:54 ----SD---- C:\Users\Arm0r!\AppData\Roaming\Microsoft
2014-06-23 20:38:43 ----D---- C:\Program Files (x86)\Microsoft Office
2014-06-23 20:38:36 ----D---- C:\Program Files (x86)\MSECache
2014-06-23 16:07:21 ----D---- C:\Users\Arm0r!\AppData\Roaming\FileZilla
2014-06-22 11:40:19 ----D---- C:\Windows\Tasks
2014-06-22 11:40:19 ----D---- C:\Windows\system32\Tasks
2014-06-21 16:35:21 ----D---- C:\Windows\Logs
2014-06-21 13:54:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-06-18 18:24:46 ----RD---- C:\Program Files (x86)\Skype
2014-06-18 18:24:42 ----D---- C:\ProgramData\Skype
2014-06-17 11:55:31 ----D---- C:\Users\Arm0r!\AppData\Roaming\Winamp
2014-06-16 12:40:31 ----SD---- C:\ProgramData\Microsoft
2014-06-13 01:16:27 ----D---- C:\Windows\debug
2014-06-12 14:14:04 ----D---- C:\Hry
2014-06-12 12:05:15 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 13:04:30 ----D---- C:\Windows\SYSWOW64\en-US
2014-06-11 13:04:30 ----D---- C:\Windows\system32\en-US
2014-06-11 13:04:30 ----D---- C:\Program Files\Internet Explorer
2014-06-11 13:04:30 ----D---- C:\Program Files (x86)\Internet Explorer
2014-06-11 13:04:29 ----D---- C:\Windows\system32\DriverStore
2014-06-11 12:54:10 ----D---- C:\Windows\system32\MRT
2014-06-11 12:53:22 ----A---- C:\Windows\system32\MRT.exe
2014-06-11 12:52:31 ----SD---- C:\Windows\system32\CompatTel
2014-06-09 17:07:20 ----RSD---- C:\Windows\assembly
2014-06-06 16:54:54 ----D---- C:\Program Files (x86)\OpenAL
2014-06-06 16:54:54 ----A---- C:\Windows\system32\wrap_oal.dll
2014-06-06 16:54:54 ----A---- C:\Windows\system32\OpenAL32.dll
2014-06-06 16:54:53 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2014-06-06 16:54:53 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2014-06-06 13:56:56 ----D---- C:\Windows\SYSWOW64\directx
2014-06-03 21:44:39 ----D---- C:\Program Files (x86)\Rob Papen
2014-06-03 18:52:27 ----D---- C:\ProgramData\Xfire
2014-05-30 21:20:59 ----D---- C:\Program Files (x86)\Realtek
2014-05-30 20:53:23 ----HD---- C:\Program Files (x86)\Temp
2014-05-29 02:14:08 ----D---- C:\ProgramData\Electronic Arts
2014-05-28 13:46:02 ----D---- C:\Fraps

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 gfibto;gfibto; C:\Windows\system32\drivers\gfibto.sys [2014-04-24 14456]
R0 iaStorA;iaStorA; C:\Windows\system32\drivers\iaStorA.sys [2013-10-29 632168]
R0 iaStorF;iaStorF; C:\Windows\system32\drivers\iaStorF.sys [2013-10-29 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2013-04-26 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2014-05-08 564824]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-07-29 168544]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2010-07-29 171152]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2010-07-29 50624]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2014-05-28 42696]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2014-04-18 15376384]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2014-04-18 638976]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2010-07-29 33632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-14 3962840]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2013-04-26 368112]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2013-04-26 786416]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-04-23 936664]
S1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2014-05-28 310984]
S3 ak6y1fe9;ak6y1fe9; C:\Windows\system32\drivers\ak6y1fe9.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cbfs3;EldoS CallbackFS driver v3; C:\Windows\system32\DRIVERS\cbfs3.sys [2011-04-04 325008]
S3 cpudrv64;cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864]
S3 cpuz130;cpuz130; \??\C:\Users\Arm0r!\AppData\Local\Temp\cpuz130\cpuz_x64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 MFE_RR;MFE_RR; \??\C:\Users\Arm0r!\AppData\Local\Temp\mfe_rr.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2014-04-18 239616]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2010-08-12 810144]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2014-06-24 76888]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-01-05 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-21 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-08-12 42360]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-11 119408]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-25 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

-----------------EOF-----------------

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 18:14
by vyosek
Hello :)

:arrow: I assume your Windows is a legal copy?

:arrow: Please also post the second RSIT log, named info.txt; it is saved in c:\rsit

:arrow: I assume the ESET is as it should be = a purchased licence??

:arrow: Does WinUpdate give any error message??

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 18:21
by Arm0r!
The second RSIT log, i.e. info.txt

info.txt logfile of random's system information tool 1.10 2014-06-25 19:08:42

======MBR======

======Uninstall list======

-->C:\ProgramData\{DEB7EC0A-2CAA-4D3F-980F-EFEF8157E3FA}\Kontakt 5 Setup PC.exe
-->D:\Hry\Legend of Grimrock\unins000.exe
-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
3DMark03-->"C:\Program Files (x86)\InstallShield Installation Information\{FF35F637-72B9-43BE-A281-06EB2854393A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Flash Player 14 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_125_Plugin.exe -maintain plugin
Adobe Help Manager-->msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Help Manager-->MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Reader XI (11.0.07) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
AMD Accelerated Video Transcoding-->MsiExec.exe /X{ABD878B8-E7E3-2BC4-5A95-478133DCFFC3}
AMD Catalyst Install Manager-->msiexec /q/x{6119B3A6-3603-9695-0398-CDF2AF0A13F8} REBOOT=ReallySuppress
AMD Media Foundation Decoders-->MsiExec.exe /X{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}
AMD Wireless Display v3.0-->MsiExec.exe /X{0A2E1907-D0DE-0D01-CA64-CB0AB0BFE539}
AMD Wireless Display v3.0-->MsiExec.exe /X{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}
APB Reloaded-->"D:\Hry\GamersFirst\APB Reloaded\Uninstall.exe"
Apple Application Support-->MsiExec.exe /I{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ARIA Engine v1.6.0.2-->"C:\Program Files\Plogue\Aria\unins000.exe"
Armies of Exigo-->"D:\Hry\Armies of Exigo\unins000.exe"
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
Audacity 2.0.5-->"C:\Program Files (x86)\Audacity\unins000.exe"
Battlefield 3™-->"C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 3\Cleanup.exe" uninstall_game -autologging
Battlelog Web Plugins-->C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe
BitLord 1.1-->C:\Program Files (x86)\BitLord\uninst.exe
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty-->D:\Hry\CALLOF~1\Uninstall\Unwise.exe /u D:\Hry\CALLOF~1\Uninstall\Install.log
Catalyst Control Center - Branding-->MsiExec.exe /I{25A3B953-1423-3F15-640E-B620DD0F419A}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Crysis 2 - Maximum Edition-->"D:\Hry\Crytek\Crysis 2 - Maximum Edition\unins000.exe"
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Crysis®3-->"C:\Program Files (x86)\Common Files\EAInstaller\Crysis 3\Cleanup.exe" uninstall_game -autologging
CyberGamer Anti-Cheat-->MsiExec.exe /I{EF2BEFCB-3418-4903-8A1D-381560164CBC}
DiRT 3-->MsiExec.exe /I{434D0FA0-1558-4D8E-AC3D-BD1000008200}
DiRT 3-->MsiExec.exe /X{434D0FA0-1558-4D8E-AC3D-BD1000008200}
FileZilla Client 3.8.0-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
FL Studio 10-->D:\NainstalovaneFL\Image-Line\FL Studio 10\uninstall.exe
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
GamePark klient 2.0.9.0-->"C:\Program Files\GamePark2\unins000.exe"
GamePark-->"C:\Program Files (x86)\GamePark\unins000.exe"
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
Hard Reset - Extended Edition version 1.5-->"C:\Hry\Kalypso Media\Hard Reset - Extended Edition\unins000.exe"
HLSW v1.4.0.2-->"C:\Program Files (x86)\HLSW\unins000.exe"
IL Download Manager-->C:\Program Files (x86)\Image-Line\Downloader\uninstall.exe
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) USB 3.0 eXtensible Host Controller Driver-->C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
Intel® Trusted Connect Service Client-->MsiExec.exe /I{B5E06417-A4AC-4225-B36E-7E34C91616E7}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java 7 Update 51-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217051FF}
Jets N Guns-->"D:\Hry\Jets N Guns\ReflexiveArcade\unins000.exe"
K-Lite Codec Pack 10.5.5 Basic-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
LAME v3.99.3 (for Windows)-->"C:\Program Files (x86)\Lame For Audacity\unins000.exe"
Legend of Grimrock-->"D:\Hry\Legend of Grimrock\unins000.exe"
Metro Last Light - Complete Edition-->"D:\Hry\Deep Silver\Metro Last Light - Complete Edition\unins000.exe"
Microsoft .NET Framework 4.5.1-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-0405-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850405-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable - x64 8.0.50727.42 False-->MsiExec.exe /X{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
Microsoft Visual C++ 2005 Redistributable - x64 8.0.51011 False-->MsiExec.exe /X{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}
Microsoft Visual C++ 2005 Redistributable - x64 8.0.56336 False-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable - x64 8.0.58298 False-->MsiExec.exe /X{f45b48a7-f616-4211-b927-17cab6a96613}
Microsoft Visual C++ 2005 Redistributable - x64 8.0.59192 False-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False-->MsiExec.exe /X{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 False-->MsiExec.exe /X{D04659D1-EB2D-3DE5-A833-837A623CCCF7}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.0 False-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 False-->MsiExec.exe /X{BBBE35B2-9349-3C48-BD3D-F574B17C7924}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411 False-->MsiExec.exe /X{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 False-->MsiExec.exe /X{2DFD8316-9EF1-3210-908C-4CB61961C1AC}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 False-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 False-->MsiExec.exe /X{91415F19-4C22-3609-A105-92ED3522D83C}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 False-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.5570 False-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False-->MsiExec.exe /X{DCB46B42-723F-350E-B18A-449BC6C21636}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False-->MsiExec.exe /X{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False-->MsiExec.exe /X{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 Redistributable - x64 10.0.30319 False-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 False-->"C:\ProgramData\Package Cache\{0f12c81f-93ef-46ec-bc94-d952c1a775d4}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727-->"C:\ProgramData\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 False-->"C:\ProgramData\Package Cache\{35459b22-19a6-44ec-8d34-27eb3131acac}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 False-->"C:\ProgramData\Package Cache\{dde2682b-961a-41ea-8d44-6005991b7947}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030-->"C:\ProgramData\Package Cache\{a2199617-3609-410f-a8e8-e8806c73545b}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 False-->"C:\ProgramData\Package Cache\{615bc16d-60f5-482e-91b3-b51d8130963b}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106-->"C:\ProgramData\Package Cache\{8e70e4e1-06d7-470b-9f74-a51bef21088e}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 False-->"C:\ProgramData\Package Cache\{01db25f3-1b76-4d97-88c8-1c90634d88fb}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 False-->MsiExec.exe /X{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 False-->MsiExec.exe /X{3C28BFD4-90C7-3138-87EF-418DC16E9598}
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 False-->MsiExec.exe /X{764384C5-BCA9-307C-9AAC-FD443662686A}
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030-->MsiExec.exe /X{37B8F9C7-03FB-3253-8781-2517C99D7C00}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 False-->MsiExec.exe /X{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 False-->MsiExec.exe /X{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 False-->MsiExec.exe /X{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 False-->MsiExec.exe /X{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False-->MsiExec.exe /X{6C772996-BFF3-3C8C-860B-B3D48FF05D65}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 False-->MsiExec.exe /X{3D6AD258-61EA-35F5-812C-B7A02152996E}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 False-->MsiExec.exe /X{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False-->MsiExec.exe /X{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 False-->MsiExec.exe /X{E7D4E834-93EB-351F-B8FB-82CDAE623003}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005-->"C:\ProgramData\Package Cache\{51adbf11-493f-431c-a862-967a0fae2944}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Mozilla Firefox 30.0 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSI Afterburner 3.0.0-->"C:\Program Files (x86)\MSI Afterburner\uninstall.exe"
MSVCRT Redists-->MsiExec.exe /I{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}
Native Instruments Kontakt 5-->"C:\ProgramData\{DEB7EC0A-2CAA-4D3F-980F-EFEF8157E3FA}\Kontakt 5 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Nuclear Coffee - VideoGet-->"C:\Program Files\Nuclear Coffee\VideoGet\unins000.exe"
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Origin-->C:\Program Files (x86)\Origin\OriginUninstall.exe
OSCAR Editor-->MsiExec.exe /I{3C2379D2-337A-4FFA-9017-BDFB80EC0931}"
Path of Exile-->MsiExec.exe /X{90A4562F-D4A1-4B65-906D-41F236CF6902}
PunkBuster Services-->D:\HRY\GAMERSFIRST\APB RELOADED\Binaries\pbsvc_apb.exe -u
QuickTime-->MsiExec.exe /I{B67BAFBA-4C9F-48FA-9496-933E3B255044}
Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Revo Uninstaller Pro 3.0.8-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
RivaTuner Statistics Server 6.1.1-->"C:\Program Files (x86)\RivaTuner Statistics Server\uninstall.exe"
Samsung_MonSetup-->C:\Program Files (x86)\InstallShield Installation Information\{8EA79DBF-D637-448A-89D6-410A087A4493}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {BD0F9F7E-62B2-3971-9E2E-B87B832CE89D}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {513BC47F-0560-33C2-A029-C5387642233A}
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {599EC629-2679-30CE-B28B-7432EF5FC126}
Skype™ 6.16-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
Steinberg Xphraze-->D:\NAINST~1\VSTPLU~1\Xphraze\UNINST~1.EXE D:\NAINST~1\VSTPLU~1\Xphraze\INSTALL.LOG
System Requirements Lab for Intel-->MsiExec.exe /I{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
THE SETTLERS - Rise of an Empire-->"C:\Program Files (x86)\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x0009 -removeonly
TmNationsForever-->"C:\Hry\TmNationsForever\unins000.exe"
Vegas Pro 11.0 (64-bit)-->MsiExec.exe /X{269F9470-26A4-11E1-83EE-F04DA23A5C58}
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
WinRAR 5.01 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
X7 Oscar Editor-->"C:\Program Files (x86)\InstallShield Installation Information\{3C2379D2-337A-4FFA-9017-BDFB80EC0931}\setup.exe" -runfromtemp -l0x0409 -removeonly
Xfire-->"C:\Program Files (x86)\Xfire\uninst.exe"

======System event log======

Computer Name: Arm0r-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Windows PowerShell.
Record Number: 36241
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140625124511.048299-000
Event Type: Informace
User: Arm0r-PC\Arm0r!

Computer Name: Arm0r-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Media Center.
Record Number: 36240
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140625124511.017099-000
Event Type: Informace
User: Arm0r-PC\Arm0r!

Computer Name: Arm0r-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Key Management Service.
Record Number: 36239
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140625124510.985899-000
Event Type: Informace
User: Arm0r-PC\Arm0r!

Computer Name: Arm0r-PC
Event Code: 104
Message: Byl vymazán soubor protokolu Internet Explorer.
Record Number: 36238
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140625124510.954699-000
Event Type: Informace
User: Arm0r-PC\Arm0r!

Computer Name: Arm0r-PC
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 36237
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140625124510.892299-000
Event Type: Informace
User: Arm0r-PC\Arm0r!

=====Application event log=====

Computer Name: Arm0r-PC
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 8516
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140625125110.362413-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Arm0r-PC
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 8515
Source Name: Microsoft-Windows-EventSystem
Time Written: 20140625125110.000000-000
Event Type: Informace
User:

Computer Name: Arm0r-PC
Event Code: 1532
Message: Služba Profil uživatele byla zastavena.


Record Number: 8514
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140625125047.455286-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: Arm0r-PC
Event Code: 6000
Message: Odběratel oznámení přihlašování do systému Windows <SessionEnv> nemohl zpracovat událost upozornění.
Record Number: 8513
Source Name: Microsoft-Windows-Winlogon
Time Written: 20140625125046.000000-000
Event Type: Informace
User:

Computer Name: Arm0r-PC
Event Code: 9009
Message: Správce oken plochy byl ukončen s kódem (0x40010004).
Record Number: 8512
Source Name: Desktop Window Manager
Time Written: 20140625125046.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Arm0r-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 9292
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140625125108.568410-000
Event Type: Úspěšný audit
User:

Computer Name: Arm0r-PC
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 9291
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140625125108.568410-000
Event Type: Úspěšný audit
User:

Computer Name: Arm0r-PC
Event Code: 4647
Message: Odhlášení spuštěné uživatelem:

Předmět:
ID zabezpečení: S-1-5-21-1689877765-4154099009-2798999276-1000
Název účtu: Arm0r!
Doména účtu: Arm0r-PC
ID přihlášení: 0x5add4

Tato událost je generována, pokud je spuštěno odhlášení. Není povolena žádná další uživatelem spuštěná akce. Tuto událost lze interpretovat jako událost odhlášení.
Record Number: 9290
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140625125046.628484-000
Event Type: Úspěšný audit
User:

Computer Name: Arm0r-PC
Event Code: 1100
Message: Služba protokolování událostí byla ukončena.
Record Number: 9289
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140625125047.455286-000
Event Type: Úspěšný audit
User:

Computer Name: Arm0r-PC
Event Code: 1102
Message: Protokol auditu byl vymazán.
Předmět:
ID zabezpečení: S-1-5-21-1689877765-4154099009-2798999276-1000
Název účtu: Arm0r!
Název domény: Arm0r-PC
ID přihlášení: 0x5add4
Record Number: 9288
Source Name: Microsoft-Windows-Eventlog
Time Written: 20140625124510.798699-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client;C:\Program Files\Intel\iCLS Client;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=3c03
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre7\lib\ext\QTJava.zip

-----------------EOF-----------------

Yes, my Windows is a legal copy.
I have also purchased ESET Antivirus.
Windows Update reports that the update cannot be performed, error code: 80246002

I suspect that my system files were modified, I don't even know how. I have tried all the official procedures for restoring updates from the Microsoft website, without result.

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 18:28
by vyosek
:arrow: Download Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe
  • Save it, preferably to the Desktop
  • Run it and click Yes to confirm the reinstallation of the services
  • Then click Yes to confirm the PC restart
  • A CC Support folder will be created on the Desktop; in it you will find the log SvcRepair.txt (it should be at CC Support\Logs\SvcRepair.txt). Paste it here for me
:arrow: Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it, preferably to the Desktop
  • Tick the checkbox for every item (this selects them for scanning)
  • Click Scan
  • When the scan finishes, the log FSS.txt appears; paste it here
:arrow: Open Notepad
  • Start->Run->notepad
  • Paste the text below
  • Code:

    net stop bits
    net stop /s wuauserv
    regsvr32 /u wuaueng.dll /s
    del /f /s /q %windir%\SoftwareDistribution\*.*
    del /f /s /q %windir%\windowsupdate.log
    regsvr32 wuaueng.dll /s
    net start bits
    net start wuauserv
    wuauclt.exe /resetauthorization /detectnow
  • Save the file as del.bat
  • When saving, choose All Files as the file type (the setting is shown in the image below)
  • Image
  • Close Notepad and run del.bat by double-clicking it
  • The window only flashes and the deletion is carried out; you can then delete the file

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 18:38
by Arm0r!
Log from ServicesRepair

Log Opened: 2014-06-25 @ 19:31:58
19:31:58 - -----------------
19:31:58 - | Begin Logging |
19:31:58 - -----------------
19:31:58 - Fix started on a WIN_7 X64 computer
19:31:58 - Prep in progress. Please Wait.
19:31:59 - Prep complete
19:31:59 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
19:31:59 - Services Repair Complete.
19:32:01 - Reboot Initiated

____

Log from FSS:

Farbar Service Scanner Version: 10-06-2014
Ran by Arm0r! (administrator) on 25-06-2014 at 19:35:43
Running from "C:\Users\Arm0r!\Desktop\anti"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 18:40
by vyosek
:arrow: Now run that batch file as well and we'll see

:arrow: After that, restart the PC and try searching for updates

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 18:48
by Arm0r!
So I created and ran the .bat file exactly as instructed and restarted the PC. Now, when I try to search for updates, I get the error message: Windows Update cannot currently check for updates, because the service is not running. You may need to restart your computer.

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 18:57
by vyosek
:arrow: Did the restart not help get the service started??

:arrow: Click Start and then Run, or use the keyboard shortcut Win+R
  • A small window pops up; copy the text below into it
  • Code:

    services.msc
  • Click OK
  • Find the services below
  • Windows Update
  • For the service, do the following
    • Right-click it and choose Start
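
A read-only way to confirm what services.msc shows, added here as an example and not part of the thread: the PowerShell below reports whether wuauserv and BITS are still registered, their state, and whether the ServiceDll each one points to exists on disk. The function name Test-UpdateService is an assumption made for this example; the expected DLL names are the ones listed in the FSS File Check above.

```powershell
# Added example (not from the thread). Read-only: it changes nothing on the system.
# Run from an elevated Windows PowerShell prompt.

# Service name -> expected ServiceDll file name (wuaueng.dll and qmgr.dll
# both appear in the FSS "File Check" list in this thread).
$expected = @{
    'wuauserv' = 'wuaueng.dll'   # Windows Update
    'BITS'     = 'qmgr.dll'      # Background Intelligent Transfer Service
}

# Hypothetical helper name, introduced for this example only.
function Test-UpdateService {
    param(
        [string]$Name,
        [string]$ExpectedDll
    )

    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"

    # What the Service Control Manager knows about the service (null if missing).
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'" `
                         -ErrorAction SilentlyContinue

    # What the registry says, independent of the Service Control Manager.
    $imagePath  = $null
    $serviceDll = $null
    if (Test-Path $key) {
        $imagePath = (Get-ItemProperty -Path $key `
                        -ErrorAction SilentlyContinue).ImagePath
    }
    if (Test-Path "$key\Parameters") {
        $serviceDll = (Get-ItemProperty -Path "$key\Parameters" `
                        -ErrorAction SilentlyContinue).ServiceDll
    }

    $dllMatches = $false
    $dllOnDisk  = $false
    if ($serviceDll) {
        $dllMatches = ((Split-Path $serviceDll -Leaf) -ieq $ExpectedDll)
        $dllOnDisk  = (Test-Path $serviceDll)
    }

    New-Object PSObject -Property @{
        Service     = $Name
        Registered  = [bool]$svc                      # False = gone from services.msc
        Status      = $(if ($svc) { $svc.Status } else { 'missing' })
        StartMode   = $(if ($wmi) { $wmi.StartMode } else { $null })
        KeyPresent  = (Test-Path $key)                # registry key still there?
        ImagePath   = $imagePath
        ServiceDll  = $serviceDll
        DllMatches  = $dllMatches                     # points at the expected DLL name
        DllOnDisk   = $dllOnDisk                      # that DLL exists on disk
    }
}

$expected.GetEnumerator() |
    ForEach-Object { Test-UpdateService -Name $_.Key -ExpectedDll $_.Value } |
    Select-Object Service, Registered, Status, StartMode, KeyPresent,
                  DllMatches, DllOnDisk, ImagePath, ServiceDll |
    Format-List
```

Registered = False together with KeyPresent = True means the registry entry survived but the Service Control Manager no longer lists the service, which separates a deleted service from one that is merely stopped.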

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 19:05
by Arm0r!
I know that such a service exists, in services.msc that is, but it has now completely disappeared for me (most likely, I have a hunch, after that .bat file, but I'm really not sure about that).

I checked three times and cannot find it here. I can provide a screenshot as proof.

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 19:09
by vyosek
Then try the ServiceRepair from ESET once more

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 19:13
by Arm0r!
So I tried Service Repair again. After restarting the PC, Windows Update does respond now, but the error message remains the same. So also the same error code: 80246002

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 19:16
by vyosek
If even the official guides do not help, then I would contact Microsoft technical support. You are entitled to it and it is free...
And they can create a HotFix specifically for you

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 19:23
by Arm0r!
All right. Thank you anyway for your willingness and effort to help. I really appreciate it. :thumbsup:

Re: Windows Update not working, please check.

Posted: 25 Jun 2014 19:24
by vyosek
You're welcome. If I may ask, let us know how it turned out :)

Re: Windows Update not working, please check.

Posted: 27 Jun 2014 11:08
by Arm0r!
After a few days of trying all sorts of fixes and the like, I gave up; however, today it surprisingly started working again. Still, I don't believe that Windows is in order, so I will be reinstalling it completely in the near future anyway.