Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 12.5.2015
Čas skenování: 18:11:45
Protokol: aaa.txt
Správce: Ano
Verze: 2.01.6.1022
Databáze malwaru: v2015.05.12.04
Databáze rootkitů: v2015.04.21.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Doma
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 429856
Uplynulý čas: 47 min, 31 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 2
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Do karantény, [655f335f2862bb7b89fbca0846bdec14],
PUP.Optional.AppendRunner.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\c5759c0b, Do karantény, [4e76e0b24743ea4caab39a3d3ec523dd],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 3
PUP.Optional.Cinema.A, C:\Program Files\CinemaP-1.9cV16.03, Do karantény, [e6de3b57d9b17eb8bb4e13a733d0956b],
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro, Do karantény, [655f8f03e5a585b15d101db16c97c040],
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver, Do karantény, [655f8f03e5a585b15d101db16c97c040],
Soubory: 1
PUP.Optional.ShopperPro.A, C:\Users\Public\Documents\ShopperPro\JsDriver\Config.xml, Do karantény, [655f8f03e5a585b15d101db16c97c040],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
I kindly ask you to check my log. Slow as an elephant. Thank you
- jerabina
- member of the Security team
Re: I kindly ask you to check my log. Slow as an elephant. Thank you
Next time, please carry out the steps in the order they are given; the sequence isn't there for decoration.
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Spustit jako správce" (Run as administrator); on Windows XP, double-click to launch it).
- Wait until the Prescan finishes...
- Then click "Prohledat" (Scan); once it has finished:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything
(you have to put a check mark with the mouse in the little box to the left of the registry entry, etc.)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report), then copy the contents of that report and paste them here, please. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller
Turn off the antivirus
Download
Zoek.exe
and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Spustit jako správce" (Run as administrator)).
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script
The program will perform a scan and a repair; both the scan and the repair may take several minutes, so you need to wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log + report any problems.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: I kindly ask you to check my log. Slow as an elephant. Thank you
RogueKiller V10.6.3.0 [May 11 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno : Normální režim
Uživatel : Doma [Práva správce]
Started from : C:\Users\Doma\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 05/12/2015 23:48:00
¤¤¤ Procesy : 1 ¤¤¤
[Suspicious.Path] explorer.exe(2568) -- C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\4487libfoxloader.dll[7] -> Uvolněno
¤¤¤ Registry : 11 ¤¤¤
[Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> ERROR [0]
[Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast | (default) : {472083B0-C522-11CF-8763-00608CC02F24} -> ERROR [0]
[Orphan] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} | CLSID : -> ERROR [2]
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9FE64060-573E-4B0E-9D97-C95518F7D2A5} | DhcpNameServer : [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9FE64060-573E-4B0E-9D97-C95518F7D2A5} | DhcpNameServer : [(Private Address) (XX)] -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9FE64060-573E-4B0E-9D97-C95518F7D2A5} | DhcpNameServer : [(Private Address) (XX)] -> Nahrazeno ()
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 0 -> Nahrazeno (0)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 0 -> Nahrazeno (0)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-24A0RT0 ATA Device +++++
--- User ---
[MBR] c6779c703352283bec535cd83e31a033
[BSP] 2e9af2c598e38f41896b5fce548a1281 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 474930 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 972660734 | Size: 2007 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_05122015_180814.log - RKreport_DEL_05122015_180938.log - RKreport_SCN_05122015_234356.log - RKreport_DEL_05122015_234726.log
RKreport_DEL_05122015_234742.log - RKreport_DEL_05122015_234751.log
Re: I kindly ask you to check my log. Slow as an elephant. Thank you
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Doma on út 12.05.2015 at 23:52:33,67.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Doma\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12.5.2015 23:54:52 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Program Files\AppendRunner deleted successfully
C:\Program Files\DsNET Corp deleted successfully
C:\Users\Doma\AppData\Local\Unity deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\Other\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Program Files\AppendRunner not found
C:\Program Files\DsNET Corp not found
C:\PROGRA~2\Package Cache deleted
C:\Users\Doma\AppData\Local\CrashRpt deleted
C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-2297444518-351592084-1249262491-1000 deleted
C:\Windows\system32\GroupPolicy\Machine deleted
C:\Windows\system32\GroupPolicy\User deleted
C:\Windows\system32\GroupPolicy\gpt.ini deleted
==== Fake Chromium Profiles Check ======================
Fake profile C:\Users\Other\AppData\Local\Google\Chrome deleted
==== Chromium Look ======================
Google Chrome Version: 42.0.2311.135
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14.07.2014 19:22]
Bookmark Manager - Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Skype Click to Call - Doma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
==== Chromium Startpages ======================
C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.seznam.cz/?clid=22668",
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF8ad2f.TMP was reset successfully
C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Doma\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Doma\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Users\Doma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Doma\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Doma\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=7 folders=13 5934791 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Doma\AppData\Local\Temp will be emptied at reboot
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Other\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Doma\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on st 13.05.2015 at 0:13:05,02 ======================
Re: I kindly ask you to check my log. Slow as an elephant. Thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:21:09, on 13.5.2015
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\DFX\DFX.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech\Profiler\LWEMon.exe
C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Users\Doma\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 1771 bytes
Re: I kindly ask you to check my log. Slow as an elephant. Thank you
In my opinion things have changed slightly for the better, but it still seems to me that all programs take a terribly long time to load before they start, Google Chrome most of all.
- jerabina
- member of the Security team
Re: I kindly ask you to check my log. Slow as an elephant. Thank you
Isn't something missing from your HJT log?
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
and save it to the desktop, then run FRST as administrator.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs, FRST.txt and Addition.txt, will appear and be saved on the desktop. Please copy their entire contents here.
Download CrystalDiskInfo
Run the program and click Úpravy-Kopírovat (Edit > Copy). Then paste the log contents here using Ctrl+V.
If you don't know how to proceed, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Please check my log. Slow as an elephant. Thank you
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by Doma at 2015-05-13 16:52:40
Running from C:\Users\Doma\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2297444518-351592084-1249262491-500 - Administrator - Disabled)
Doma (S-1-5-21-2297444518-351592084-1249262491-1000 - Administrator - Enabled) => C:\Users\Doma
Guest (S-1-5-21-2297444518-351592084-1249262491-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2297444518-351592084-1249262491-1002 - Limited - Enabled)
Other (S-1-5-21-2297444518-351592084-1249262491-1003 - Limited - Enabled) => C:\Users\Other
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Aktualizácia Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-041B-0000-0000000FF1CE}_STANDARD_{9A8C39B0-D27F-4F81-BE74-2FECF164707E}) (Version: - Microsoft)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-041B-0000-0000000FF1CE}_STANDARD_{CE23B3DC-18CC-46FC-A309-81D6670F8D3D}) (Version: - Microsoft)
Aktualizácia Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-041B-0000-0000000FF1CE}_STANDARD_{D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}) (Version: - Microsoft)
Bandicam (HKLM\...\Bandicam) (Version: 2.2.0.777 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM\...\BandiMPEG1) (Version: - Bandisoft.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DFX (HKLM\...\DFX) (Version: 11.400.0.0 - Power Technology)
ESET NOD32 Antivirus (HKLM\...\{62618F58-EDD0-40A1-8CFE-DA8DA93576E4}) (Version: 8.0.312.3 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Logitech Gaming Software (HKLM\...\{93EC14D5-7AAA-4EAD-BB75-013817A96598}) (Version: 4.30 - )
Malwarebytes Anti-Malware verze 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Max Recorder (HKLM\...\Max Recorder) (Version: 2.006.0.0 - Silver Vine, LLC)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Need For Speed™ World (HKLM\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Seznam Software (HKU\S-1-5-21-2297444518-351592084-1249262491-1000\...\SeznamInstall) (Version: - Seznam.cz)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VirtualDJ Home FREE (HKLM\...\{EE9E75F0-1FB8-440A-A34A-058F7456E113}) (Version: 7.4.2 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2297444518-351592084-1249262491-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Doma\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
==================== Restore Points =========================
27-03-2015 20:46:17 Windows Update
28-03-2015 07:12:28 Windows Update
28-03-2015 07:42:30 Windows Update
29-03-2015 04:55:52 Windows Update
29-03-2015 05:17:47 Windows Update
31-03-2015 13:41:46 Windows Update
03-04-2015 11:33:53 Removed VirtualDJ Home FREE
03-04-2015 11:39:28 Installed VirtualDJ Home FREE
03-04-2015 11:44:01 Installed VirtualDJ Home FREE
03-04-2015 11:55:09 Removed VirtualDJ 8
03-04-2015 12:16:38 Windows Modules Installer
03-04-2015 12:52:11 Windows Update
04-04-2015 15:50:43 Installed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
04-04-2015 15:51:46 Windows Update
04-04-2015 16:26:27 Installed Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
11-04-2015 15:42:40 Windows Update
11-04-2015 23:03:39 Installed Windows 7 USB/DVD Download Tool
12-04-2015 04:39:59 Installed Logitech Gaming Software
12-04-2015 04:47:22 Installed DirectX
12-04-2015 04:48:51 Installed Microsoft Visual C++ 2005 Redistributable
12-04-2015 12:57:30 Windows Update
13-04-2015 01:17:43 Installed Windows 7 USB/DVD Download Tool
13-04-2015 23:21:08 Installed ZIP RAR ACE Password Recovery
13-04-2015 23:38:21 Installed VR Xbox 360 Emulator
14-04-2015 00:11:11 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-04-2015 00:21:44 Removed Microsoft Visual C++ 2005 Redistributable
14-04-2015 03:51:12 avast! antivirus system restore point
14-04-2015 03:56:39 Device Driver Package Install: Avast Network Service
14-04-2015 16:31:28 Restore Operation
14-04-2015 17:32:00 Removed VR Xbox 360 Emulator
14-04-2015 17:33:45 Removed BlueStacks Notification Center
14-04-2015 18:30:17 Device Driver Package Install: DFX Sound, video and game controllers
16-04-2015 03:00:51 Windows Update
21-04-2015 17:35:34 Removed Adobe Community Help
21-04-2015 17:37:41 Removed Adobe Media Player
22-04-2015 06:53:31 Windows Update
29-04-2015 17:20:50 Windows Update
30-04-2015 07:14:08 Removed Adobe Download Assistant
01-05-2015 01:04:11 avast! antivirus system restore point
02-05-2015 17:34:08 Windows Update
07-05-2015 01:27:45 Windows Update
09-05-2015 23:12:46 Installed DirectX
11-05-2015 02:43:49 Windows Update
12-05-2015 13:51:21 Removed ZIP RAR ACE Password Recovery
12-05-2015 23:54:25 zoek.exe restore point
13-05-2015 02:29:59 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2015-05-12 23:55 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {260D0EA6-B8B0-423F-B63C-53903ED5B35C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {2832682B-9647-4E84-B33F-F651FF18D817} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-18] (Google Inc.)
Task: {2D88DE03-1BC5-4DF5-ADEC-8CE026C06FA6} - \avastBCLRestartS-1-5-21-2297444518-351592084-1249262491-1000 No Task File <==== ATTENTION
Task: {3A94A138-3C03-4DB8-83F9-E139F30B88FE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5F7036AA-B400-4D70-9A4E-D048A283EFD6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7932B3BD-BF21-4DF3-BB21-C29188F9AFB9} - System32\Tasks\AdobeAAMUpdater-1.0-Doma-PC-Doma => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {8CF3B5C6-702C-481C-89A3-8F7B19009FD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-18] (Google Inc.)
Task: {9037CFAA-0CF5-495C-9151-656319CE7B8C} - System32\Tasks\{5E7D5369-C2D3-4BAC-A9B6-64DCFD62F084} => pcalua.exe -a C:\Users\Doma\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt
Task: {9694A0A9-D004-4B75-BB1B-3EA6E6E25672} - System32\Tasks\{F27B5942-30B1-454D-B4AA-E89E82055485} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {ACAF47F4-C232-4614-8090-19322AB43200} - System32\Tasks\{5EBDC98D-E289-4E76-9A4E-4E6C725B51CD} => pcalua.exe -a "C:\Users\Doma\Desktop\Virtual DJ Pro 8.0\Virtual DJ Pro 8.0.1910.765+Crack\install_virtualdj_pc_v8.0.exe" -d "C:\Users\Doma\Desktop\Virtual DJ Pro 8.0\Virtual DJ Pro 8.0.1910.765+Crack"
Task: {B2C59A30-70AA-4647-834D-5DCA5FD33C58} - System32\Tasks\{5C82344E-575D-4A81-A024-4D6177CA0053} => pcalua.exe -a "C:\Users\Doma\Desktop\Virtual DJ Pro 8.0.1910.765+Crack\Virtual DJ Pro 8.0.1910.765+Crack\install_virtualdj_pc_v8.0.exe" -d "C:\Users\Doma\Desktop\Virtual DJ Pro 8.0.1910.765+Crack\Virtual DJ Pro 8.0.1910.765+Crack"
Task: {CE97BD85-000C-4CDD-A03D-7D3831AB0479} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D9DD19C5-9541-423D-BED6-387D212BE019} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {F7FB1252-4F95-4F07-B622-A0F0E85886CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-05-10 00:57 - 2013-03-29 13:37 - 00059384 _____ () C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\4487libfoxloader.dll
2015-02-28 04:21 - 2015-02-28 04:21 - 01282008 _____ () C:\Program Files\DFX\DFX.exe
2015-02-28 04:43 - 2015-02-28 04:43 - 00049112 _____ () C:\Program Files\Common Files\DFX\Dlls\dfxShared32.dll
2015-05-10 00:57 - 2013-04-12 10:13 - 00457208 _____ () C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2015-05-10 00:57 - 2013-03-25 16:39 - 00894968 _____ () C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2015-05-10 00:57 - 2015-02-17 10:35 - 00764416 _____ () C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\libchinst.dll
2015-02-28 04:14 - 2015-02-28 04:14 - 00130520 _____ () C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
2015-04-30 13:55 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 13:55 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 13:55 - 2015-04-28 04:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2297444518-351592084-1249262491-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.251.6
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [{9BB9F384-BFA1-49A5-BB4D-B8149A48DF49}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70E4EC42-54D2-4A80-8167-70DF5315744B}] => (Allow) LPort=2869
FirewallRules: [{13EB2AC4-3A64-48D4-9346-B50E1E311BD0}] => (Allow) LPort=1900
FirewallRules: [{FE7FE27F-DE09-4267-8D38-19CA8232541D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{067CFD05-4E2F-4FCE-92A4-BF944CE3F2C2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [TCP Query User{69E8193C-7A43-4E57-88CC-B210AFB4B9E9}C:\users\doma\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\doma\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B61CA6DC-324D-4E8C-BF17-9D4CA6112153}C:\users\doma\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\doma\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{A1BB6B71-D750-4CF1-8D91-4CC359023B5C}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [UDP Query User{BAF77641-B217-4EF1-8D88-E6DA5A07CFDA}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [{45A9DE23-AA8F-4F7D-859A-8DFA73214598}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0C13EE88-9BC1-41A3-86AE-EB6A35B652DF}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B4C1FC7B-375A-4546-AEDF-3DCC9927B4CE}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2015 04:36:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2015 07:43:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2015 07:40:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2015 00:14:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2015 11:21:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2015 07:26:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2015 07:22:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4f61beba
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xc06d007e
Fault offset: 0x0000812f
Faulting process id: 0x2d4
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
Error: (05/12/2015 07:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4f61beba
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xc06d007e
Fault offset: 0x0000812f
Faulting process id: 0x1690
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
Error: (05/12/2015 07:20:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4f61beba
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xc06d007e
Fault offset: 0x0000812f
Faulting process id: 0x17dc
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
Error: (05/12/2015 07:20:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4f61beba
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xc06d007f
Fault offset: 0x0000812f
Faulting process id: 0x134c
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
System errors:
=============
Error: (05/13/2015 04:35:15 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (05/13/2015 07:43:47 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (05/13/2015 07:39:47 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (05/13/2015 02:38:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB3046002).
Error: (05/13/2015 02:38:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (05/13/2015 00:12:51 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (05/13/2015 00:09:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/13/2015 00:09:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/13/2015 00:09:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/13/2015 00:09:07 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 81%
Total physical RAM: 2008.6 MB
Available physical RAM: 369.93 MB
Total Pagefile: 4017.2 MB
Available Pagefile: 1774.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.37 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:463.8 GB) (Free:302.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or
(Size: 465.8 GB) (Disk ID: 000EA5C2)
Partition 1: (Active) - (Size=463.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=05)
==================== End Of Log ============================
14-04-2015 00:11:11 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
14-04-2015 00:21:44 Removed Microsoft Visual C++ 2005 Redistributable
14-04-2015 03:51:12 avast! antivirus system restore point
14-04-2015 03:56:39 Device Driver Package Install: Avast Network Service
14-04-2015 16:31:28 Restore Operation
14-04-2015 17:32:00 Removed VR Xbox 360 Emulator
14-04-2015 17:33:45 Removed BlueStacks Notification Center
14-04-2015 18:30:17 Device Driver Package Install: DFX Sound, video and game controllers
16-04-2015 03:00:51 Windows Update
21-04-2015 17:35:34 Removed Adobe Community Help
21-04-2015 17:37:41 Removed Adobe Media Player
22-04-2015 06:53:31 Windows Update
29-04-2015 17:20:50 Windows Update
30-04-2015 07:14:08 Removed Adobe Download Assistant
01-05-2015 01:04:11 avast! antivirus system restore point
02-05-2015 17:34:08 Windows Update
07-05-2015 01:27:45 Windows Update
09-05-2015 23:12:46 Installed DirectX
11-05-2015 02:43:49 Windows Update
12-05-2015 13:51:21 Removed ZIP RAR ACE Password Recovery
12-05-2015 23:54:25 zoek.exe restore point
13-05-2015 02:29:59 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2015-05-12 23:55 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {260D0EA6-B8B0-423F-B63C-53903ED5B35C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {2832682B-9647-4E84-B33F-F651FF18D817} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-18] (Google Inc.)
Task: {2D88DE03-1BC5-4DF5-ADEC-8CE026C06FA6} - \avastBCLRestartS-1-5-21-2297444518-351592084-1249262491-1000 No Task File <==== ATTENTION
Task: {3A94A138-3C03-4DB8-83F9-E139F30B88FE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5F7036AA-B400-4D70-9A4E-D048A283EFD6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {7932B3BD-BF21-4DF3-BB21-C29188F9AFB9} - System32\Tasks\AdobeAAMUpdater-1.0-Doma-PC-Doma => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {8CF3B5C6-702C-481C-89A3-8F7B19009FD8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-03-18] (Google Inc.)
Task: {9037CFAA-0CF5-495C-9151-656319CE7B8C} - System32\Tasks\{5E7D5369-C2D3-4BAC-A9B6-64DCFD62F084} => pcalua.exe -a C:\Users\Doma\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt
Task: {9694A0A9-D004-4B75-BB1B-3EA6E6E25672} - System32\Tasks\{F27B5942-30B1-454D-B4AA-E89E82055485} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller Pro"
Task: {ACAF47F4-C232-4614-8090-19322AB43200} - System32\Tasks\{5EBDC98D-E289-4E76-9A4E-4E6C725B51CD} => pcalua.exe -a "C:\Users\Doma\Desktop\Virtual DJ Pro 8.0\Virtual DJ Pro 8.0.1910.765+Crack\install_virtualdj_pc_v8.0.exe" -d "C:\Users\Doma\Desktop\Virtual DJ Pro 8.0\Virtual DJ Pro 8.0.1910.765+Crack"
Task: {B2C59A30-70AA-4647-834D-5DCA5FD33C58} - System32\Tasks\{5C82344E-575D-4A81-A024-4D6177CA0053} => pcalua.exe -a "C:\Users\Doma\Desktop\Virtual DJ Pro 8.0.1910.765+Crack\Virtual DJ Pro 8.0.1910.765+Crack\install_virtualdj_pc_v8.0.exe" -d "C:\Users\Doma\Desktop\Virtual DJ Pro 8.0.1910.765+Crack\Virtual DJ Pro 8.0.1910.765+Crack"
Task: {CE97BD85-000C-4CDD-A03D-7D3831AB0479} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D9DD19C5-9541-423D-BED6-387D212BE019} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {F7FB1252-4F95-4F07-B622-A0F0E85886CC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-05-10 00:57 - 2013-03-29 13:37 - 00059384 _____ () C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\4487libfoxloader.dll
2015-02-28 04:21 - 2015-02-28 04:21 - 01282008 _____ () C:\Program Files\DFX\DFX.exe
2015-02-28 04:43 - 2015-02-28 04:43 - 00049112 _____ () C:\Program Files\Common Files\DFX\Dlls\dfxShared32.dll
2015-05-10 00:57 - 2013-04-12 10:13 - 00457208 _____ () C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
2015-05-10 00:57 - 2013-03-25 16:39 - 00894968 _____ () C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\lightspeed.dll
2015-05-10 00:57 - 2015-02-17 10:35 - 00764416 _____ () C:\Users\Doma\AppData\Roaming\Seznam.cz\bin\libchinst.dll
2015-02-28 04:14 - 2015-02-28 04:14 - 00130520 _____ () C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
2015-04-30 13:55 - 2015-04-28 04:07 - 01252680 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 13:55 - 2015-04-28 04:07 - 00080712 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\libegl.dll
2015-04-30 13:55 - 2015-04-28 04:07 - 14980424 _____ () C:\Program Files\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2297444518-351592084-1249262491-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Doma\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.251.6
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
FirewallRules: [{9BB9F384-BFA1-49A5-BB4D-B8149A48DF49}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{70E4EC42-54D2-4A80-8167-70DF5315744B}] => (Allow) LPort=2869
FirewallRules: [{13EB2AC4-3A64-48D4-9346-B50E1E311BD0}] => (Allow) LPort=1900
FirewallRules: [{FE7FE27F-DE09-4267-8D38-19CA8232541D}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{067CFD05-4E2F-4FCE-92A4-BF944CE3F2C2}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [TCP Query User{69E8193C-7A43-4E57-88CC-B210AFB4B9E9}C:\users\doma\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\doma\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{B61CA6DC-324D-4E8C-BF17-9D4CA6112153}C:\users\doma\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\doma\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{A1BB6B71-D750-4CF1-8D91-4CC359023B5C}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [UDP Query User{BAF77641-B217-4EF1-8D88-E6DA5A07CFDA}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe
FirewallRules: [{45A9DE23-AA8F-4F7D-859A-8DFA73214598}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0C13EE88-9BC1-41A3-86AE-EB6A35B652DF}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{B4C1FC7B-375A-4546-AEDF-3DCC9927B4CE}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Description: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC (NDIS 6.20)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/13/2015 04:36:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2015 07:43:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2015 07:40:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/13/2015 00:14:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2015 11:21:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2015 07:26:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/12/2015 07:22:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4f61beba
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xc06d007e
Fault offset: 0x0000812f
Faulting process id: 0x2d4
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
Error: (05/12/2015 07:21:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4f61beba
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xc06d007e
Fault offset: 0x0000812f
Faulting process id: 0x1690
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
Error: (05/12/2015 07:20:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4f61beba
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xc06d007e
Fault offset: 0x0000812f
Faulting process id: 0x17dc
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
Error: (05/12/2015 07:20:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Photoshop.exe, version: 13.0.0.0, time stamp: 0x4f61beba
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x531599f6
Exception code: 0xc06d007f
Fault offset: 0x0000812f
Faulting process id: 0x134c
Faulting application start time: 0xPhotoshop.exe0
Faulting application path: Photoshop.exe1
Faulting module path: Photoshop.exe2
Report Id: Photoshop.exe3
System errors:
=============
Error: (05/13/2015 04:35:15 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (05/13/2015 07:43:47 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (05/13/2015 07:39:47 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (05/13/2015 02:38:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB3046002).
Error: (05/13/2015 02:38:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (05/13/2015 00:12:51 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
Error: (05/13/2015 00:09:09 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/13/2015 00:09:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/13/2015 00:09:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Error: (05/13/2015 00:09:07 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 81%
Total physical RAM: 2008.6 MB
Available physical RAM: 369.93 MB
Total Pagefile: 4017.2 MB
Available Pagefile: 1774.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.37 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:463.8 GB) (Free:302.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or

Partition 1: (Active) - (Size=463.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=05)
==================== End Of Log ============================
- jerabina
- Security team member
Re: Please check my log. Slow as an elephant. Thank you
Hi, I would also need FRST.txt and a log from CrystalDiskInfo.
When you don't know how to proceed, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.