Slow laptop
Posted: 07 Aug 2018 14:57
Hello, could you please check the log? Windows 7 has started freezing, and Google Chrome in particular is slow. Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by Administrator (administrator) on ASUS-PC (07-08-2018 15:52:02)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(forum.viry.cz) C:\Users\Administrator\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [178504 2018-07-29] (ESET)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.16.15.113 10.10.10.10
Tcpip\..\Interfaces\{761E390A-5AC4-4B8C-A391-EDD7345750D3}: [DhcpNameServer] 172.16.15.113 10.10.10.10
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3546790142-3334937677-1941923331-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2018-01-01] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2018-01-01] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: jvlxzws6.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jvlxzws6.default [2018-08-07]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-08-05] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2018-08-07]
CHR Extension: (Prezentace) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-05]
CHR Extension: (Dokumenty) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-05]
CHR Extension: (Disk Google) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-05]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-05]
CHR Extension: (Tabulky) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-05]
CHR Extension: (Dokumenty Google offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-05]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-05]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-05]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-05]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2330224 2018-07-29] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2330224 2018-07-29] (ESET)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-04-13] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [143624 2018-07-29] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [109920 2018-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [196112 2018-07-29] (ESET)
R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [50144 2018-07-29] (ESET)
R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82816 2018-07-29] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61552 2018-07-29] (ESET)
R1 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [110376 2018-07-29] (ESET)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-07 15:52 - 2018-08-07 15:54 - 000008952 _____ C:\Users\Administrator\Desktop\FRST.txt
2018-08-07 15:51 - 2018-08-07 15:52 - 000000000 ____D C:\FRST
2018-08-07 15:51 - 2018-08-07 15:50 - 000112640 _____ (forum.viry.cz) C:\Users\Administrator\Desktop\FRSTLauncher.exe
2018-08-07 15:50 - 2018-08-07 15:50 - 000112640 _____ (forum.viry.cz) C:\Users\Administrator\Downloads\FRSTLauncher.exe
2018-08-07 15:49 - 2018-08-07 15:53 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2018-08-07 15:49 - 2018-08-07 15:49 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-08-07 15:49 - 2018-08-07 15:49 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2018-08-07 15:45 - 2018-08-07 15:45 - 002412544 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2018-08-07 15:44 - 2018-08-07 15:45 - 002412544 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2018-08-05 21:52 - 2018-08-05 21:52 - 000000000 ____D C:\Program Files\Malwarebytes
2018-08-05 21:43 - 2018-08-05 21:44 - 001520152 _____ (IObit ) C:\Users\Administrator\Downloads\iobit-unlocker-setup-beta.exe
2018-08-05 21:30 - 2018-08-05 21:30 - 000002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-05 21:30 - 2018-08-05 21:30 - 000002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-29 10:38 - 2018-07-29 10:38 - 000001707 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-07-29 10:38 - 2018-07-29 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-07-29 10:38 - 2018-07-29 10:38 - 000000000 ____D C:\Program Files\iPod
2018-07-29 10:37 - 2018-07-29 10:38 - 000000000 ____D C:\Program Files\iTunes
2018-07-29 10:37 - 2018-07-29 10:37 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-07-29 10:37 - 2018-07-29 10:37 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-07-29 10:36 - 2018-07-29 10:36 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-07-29 10:36 - 2018-07-29 10:36 - 000000000 ____D C:\Program Files\Bonjour
2018-07-29 10:36 - 2018-07-29 10:36 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-07-22 12:19 - 2018-07-22 12:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-22 12:19 - 2018-07-22 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-07-18 17:47 - 2018-08-05 21:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-07-18 17:47 - 2018-07-18 17:51 - 000000000 ____D C:\Users\Administrator\Documents\GTA San Andreas User Files
2018-07-18 17:47 - 2018-07-18 17:47 - 000000000 ____D C:\ProgramData\Caphyon
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-07 15:37 - 2009-07-14 06:45 - 000021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-08-07 15:37 - 2009-07-14 06:45 - 000021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-08-07 15:25 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-08-05 21:31 - 2018-02-07 17:30 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2018-08-05 21:29 - 2018-02-07 17:28 - 000000000 ____D C:\Program Files (x86)\Google
2018-08-05 21:28 - 2018-05-27 15:05 - 000003386 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-05 21:28 - 2018-05-27 15:05 - 000003258 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-29 10:43 - 2018-02-25 17:32 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2018-07-29 10:38 - 2018-02-25 17:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2018-07-29 10:38 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2018-07-29 10:37 - 2018-02-25 17:32 - 000000000 ____D C:\ProgramData\Apple Computer
2018-07-29 10:37 - 2018-02-25 17:31 - 000000000 ____D C:\ProgramData\Apple
2018-07-29 10:32 - 2018-01-19 16:32 - 000143624 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2018-07-29 10:32 - 2018-01-19 16:32 - 000110376 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2018-07-29 10:32 - 2018-01-19 16:31 - 000196112 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2018-07-29 10:32 - 2018-01-19 16:31 - 000109920 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2018-07-29 10:32 - 2018-01-19 16:31 - 000082816 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2018-07-29 10:32 - 2018-01-19 16:31 - 000061552 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys
2018-07-29 10:32 - 2018-01-19 16:31 - 000050144 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2018-07-23 11:52 - 2018-05-27 15:11 - 000002806 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-07-22 12:27 - 2018-03-21 18:04 - 000000000 ____D C:\Program Files\WinRAR
2018-07-22 12:26 - 2018-03-11 17:51 - 000000000 ____D C:\Program Files\CCleaner
2018-07-22 12:25 - 2018-05-27 15:11 - 000003870 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-07-22 12:25 - 2018-05-27 15:11 - 000000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-22 12:09 - 2018-05-27 17:55 - 000000000 ____D C:\Users\Administrator\Downloads\Ulozto
2018-07-18 17:43 - 2018-05-27 17:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Ulozto File Manager
2018-07-18 15:58 - 2018-05-27 17:55 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulož.to FileManager.lnk
2018-07-18 15:58 - 2018-05-27 17:55 - 000001053 _____ C:\Users\Public\Desktop\Ulož.to FileManager.lnk
2018-07-18 15:58 - 2018-05-27 17:54 - 000000000 ____D C:\Program Files (x86)\Ulozto File Manager
==================== Files in the root of some directories =======
Some files in TEMP:
====================
2018-08-05 21:51 - 2018-08-05 21:51 - 078695592 _____ (Malwarebytes ) C:\Users\Administrator\AppData\Local\Temp\mb3-setup-adwc.adwc1003.5.1.2522-1.0.391-1.0.6197.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Administrator\Desktop" je 2 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by Administrator (07-08-2018 15:54:55)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2018-02-07 15:19:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3546790142-3334937677-1941923331-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-3546790142-3334937677-1941923331-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Apple Mobile Device Support (HKLM\...\{C29B636B-9015-4ED1-A12F-6375A337F23B}) (Version: 11.4.1.46 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{FEC0590D-D4DE-DB7C-C625-657FC30CF927}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ccc-core-static (HKLM-x32\...\{133B19CF-2FDA-492C-07AD-FAE04DB76C99}) (Version: 2009.1118.1260.23275 - Název společnosti:) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Driver - San Francisco (HKLM-x32\...\Driver - San Francisco_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
iTunes (HKLM\...\{56E3752E-E2E6-4F7C-AC04-24BC03A78F09}) (Version: 12.8.0.150 - Apple Inc.)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{E5347310-C82F-4833-AA36-8D11E5A8A86A}) (Version: 6.6 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{D745E014-74DD-43A3-98DF-E7D38164B681}) (Version: 6.6 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8117 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Ulož.to FileManager verze 2.45 (HKLM-x32\...\{7DE5EA5D-C933-4549-9A44-5BC671F23BBF}_is1) (Version: 2.45 - Uloz.to cloud a.s.)
WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-07-29] (ESET)
ContextMenuHandlers1: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-07-29] (ESET)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers4: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2009-11-18] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2018-07-29] (ESET)
ContextMenuHandlers6: [UnLockerMenu] -> {410BF280-86EF-4E0F-8279-EC5848546AD3} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-24] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2018-06-24] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {15281D27-20A5-4F51-A0B0-09E1D5AC9FB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-05] (Google Inc.)
Task: {258BE042-BF5C-4852-97CB-9CE2F23F0C1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-08-05] (Google Inc.)
Task: {2E87116F-6AE2-44B3-A093-3BB5986CD282} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {4A67AB81-BA83-46FF-8FF2-2F51A0DCFEE1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {6943C19F-E7AA-4358-ADEE-DD39AA6DB5A7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
Task: {9AB88E90-AAA0-41A5-A7C1-AA677CBFD424} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-04-13] (Realtek Semiconductor)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
==================== Loaded Modules (Whitelisted) ==============
2018-06-23 06:56 - 2018-06-23 06:56 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-06-23 06:56 - 2018-06-23 06:56 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-08-05 21:30 - 2018-07-31 01:32 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libglesv2.dll
2018-08-05 21:30 - 2018-07-31 01:32 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.84\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3546790142-3334937677-1941923331-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.16.15.113 - 10.10.10.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Síťový adaptér Ethernet
Description: Síťový adaptér Ethernet
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/07/2018 03:27:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/07/2018 02:15:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/06/2018 10:14:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:48:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:34:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:22:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: gta_sa.exe, verze: 0.0.0.0, časové razítko: 0x427101ca
Název chybujícího modulu: gta_sa.exe, verze: 0.0.0.0, časové razítko: 0x427101ca
Kód výjimky: 0xc0000005
Posun chyby: 0x000dd5a3
ID chybujícího procesu: 0xb30
Čas spuštění chybující aplikace: 0x01d42cf1ac047517
Cesta k chybující aplikaci: C:\Program Files (x86)\GTA San Andreas\gta_sa.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\GTA San Andreas\gta_sa.exe
ID zprávy: f4bf441b-98e4-11e8-be99-74f06dcdbeda
Error: (08/05/2018 09:22:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (08/07/2018 03:25:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba Publikování na webu závisí na službě Aktivační služba procesů systému Windows, která neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.
Error: (08/07/2018 03:25:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Aktivační služba procesů systému Windows byla ukončena s následující chybou:
Systém nemůže nalézt uvedenou cestu.
Error: (08/07/2018 03:25:52 PM) (Source: WAS) (EventID: 5005) (User: )
Description: Aktivační služba procesů systému Windows (WAS) je zastavována, protože zjistila chybu. Datové pole obsahuje číslo chyby.
Error: (08/07/2018 03:25:52 PM) (Source: WAS) (EventID: 5188) (User: )
Description: Adresář zadaný pro dočasné konfigurační soubory fondu aplikací buď neexistuje, nebo není službě WAS (WINDOWS PROCESS ACTIVATION SERVICE) přístupný. Zadejte existující adresář a zkontrolujte, zda má nastaveny správné příznaky přístupu. Datové pole obsahuje číslo chyby.
Error: (08/07/2018 03:25:48 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: Při pokusu o přístup ke kořenovému adresáři historie C:\inetpub\history zjistila pomocná služba hostitele aplikace chybu. Adresář buď neexistuje, nebo jeho oprávnění nepovolují přístup službě historie. Funkce historie konfigurací je prozatím zakázána a bude povolena po vyřešení problému. Chcete-li tento problém vyřešit, zkontrolujte, zda adresář existuje a zda k němu má skupina Administrators přístup pro čtení a zápis. Datové pole obsahuje číslo chyby.
Error: (08/06/2018 10:14:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:48:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:34:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (08/05/2018 09:22:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: gta_sa.exe, verze: 0.0.0.0, časové razítko: 0x427101ca
Název chybujícího modulu: gta_sa.exe, verze: 0.0.0.0, časové razítko: 0x427101ca
Kód výjimky: 0xc0000005
Posun chyby: 0x000dd5a3
ID chybujícího procesu: 0xb30
Čas spuštění chybující aplikace: 0x01d42cf1ac047517
Cesta k chybující aplikaci: C:\Program Files (x86)\GTA San Andreas\gta_sa.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\GTA San Andreas\gta_sa.exe
ID zprávy: f4bf441b-98e4-11e8-be99-74f06dcdbeda
Error: (08/05/2018 09:22:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (08/07/2018 03:25:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba Služba Publikování na webu závisí na službě Aktivační služba procesů systému Windows, která neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedenou cestu.
Error: (08/07/2018 03:25:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Aktivační služba procesů systému Windows byla ukončena s následující chybou:
Systém nemůže nalézt uvedenou cestu.
Error: (08/07/2018 03:25:52 PM) (Source: WAS) (EventID: 5005) (User: )
Description: Aktivační služba procesů systému Windows (WAS) je zastavována, protože zjistila chybu. Datové pole obsahuje číslo chyby.
Error: (08/07/2018 03:25:52 PM) (Source: WAS) (EventID: 5188) (User: )
Description: Adresář zadaný pro dočasné konfigurační soubory fondu aplikací buď neexistuje, nebo není službě WAS (WINDOWS PROCESS ACTIVATION SERVICE) přístupný. Zadejte existující adresář a zkontrolujte, zda má nastaveny správné příznaky přístupu. Datové pole obsahuje číslo chyby.
Error: (08/07/2018 03:25:48 PM) (Source: APPHOSTSVC) (EventID: 9010) (User: )
Description: Při pokusu o přístup ke kořenovému adresáři historie C:\inetpub\history zjistila pomocná služba hostitele aplikace chybu. Adresář buď neexistuje, nebo jeho oprávnění nepovolují přístup službě historie. Funkce historie konfigurací je prozatím zakázána a bude povolena po vyřešení problému. Chcete-li tento problém vyřešit, zkontrolujte, zda adresář existuje a zda k němu má skupina Administrators přístup pro čtení a zápis. Datové pole obsahuje číslo chyby.