Virus removal, PC speed-up, and remote assistance through the neslape.cz service

Notebook: slow when working with photos

samsungs6edge
Visitor
Posts: 134
Registered: 26 May 2017 14:48

Notebook: slow when working with photos

#1 Post by samsungs6edge »

Hello, I have a notebook running Windows 7 Pro. Everything used to work 100%, but for the last 2 months I have been running into this problem: when I open a folder with photos and right-click to rotate a photo, or even to open Properties, the mouse cursor just spins and nothing else happens. Could you please check the logs posted below? Thank you for your help.

samsungs6edge
Visitor
Posts: 134
Registered: 26 May 2017 14:48

Re: Notebook: slow when working with photos

#2 Post by samsungs6edge »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by ASUS (administrator) on ASUS-PC (ASUSTeK Computer Inc. K52De) (05-01-2021 10:45:24)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: ASUS
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Golden Frog, GmbH.) [File not signed] C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\VpnSvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2019-06-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * icarus_rvrt.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {156A60DC-64FD-4E68-9C2B-2BA95E54F788} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1D73BD59-6E9F-4A20-8EB2-95063ECD0AA1} - System32\Tasks\HMA VPN Update => C:\Program Files\Privax\HMA VPN\VpnUpdate.exe [1275720 2020-11-24] (Privax Limited -> Privax Limited)
Task: {42708DDB-89F8-4882-89A9-E87342DD7FB9} - System32\Tasks\Privax\HMA VPN Update => C:\Program Files\Common Files\Privax\Icarus\privax-vpn\icarus.exe [5479824 2020-11-19] (Privax Limited -> Privax Limited)
Task: {C01AF94E-D611-4A43-B5C6-33B03A371CC0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C2055F98-DCB2-4426-943B-7411F4311345} - System32\Tasks\Privax\HMA VPN Bug Report => C:\Program Files\Privax\HMA VPN\AvBugReport.exe [4663112 2020-11-24] (Privax Limited -> Privax Limited) -> --filter "*.dmp;*.mdmp;icarus.log" --send "dumps|report" --silent --product 78 --programpath "C:\Program Files\Privax\HMA VPN" --configpath "C:\ProgramData\Privax\HMA VPN" --path "C:\ProgramData\Privax\HMA VPN\log" --path "C:\ProgramData\Privax\Icarus\Logs" --guid 3048f52c-2c0f-4821-a7d8-e3fc99449d62
Task: {CA710A94-EE44-4A47-82CF-B312A7642D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-15] (Google LLC -> Google LLC)
Task: {E2F8253B-9BB2-4464-AE48-8F2F8BDF6423} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-15] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1EC790A7-A597-4911-B474-5FDCFB47C749}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B84CBC3F-0EF3-4383-A9CC-E03D99F59C93}: [NameServer] 100.120.66.1
Tcpip\..\Interfaces\{C65EB574-8DD7-4E32-9F13-FE05AF6EE1EB}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: 6k7q4gvg.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6k7q4gvg.default [2020-08-15]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cfrlh2d6.default-release [2020-12-26]
FF DownloadDir: D:\Download Mozilla
FF Homepage: Mozilla\Firefox\Profiles\cfrlh2d6.default-release -> www.seznam.cz
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2021-01-05]
CHR DownloadDir: D:\Stažené soubory
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (AdvBlocker AdBlocker) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjbaljgolmlcmmklmmeafecikidmjpi [2020-09-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-08-15]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR HKLM-x32\...\Chrome\Extension: [makcojoppodhcgmmchohadhpkicoafka]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4582080 2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 HmaProVpn; C:\Program Files\Privax\HMA VPN\VpnSvc.exe [7676744 2020-11-24] (Privax Limited -> Privax Limited)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [269584 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-12-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933304 2019-12-17] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13147152 2020-08-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [407040 2020-08-10] (Golden Frog, GmbH.) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394688 2009-06-20] (Microsoft Windows -> Atheros Communications, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 hmatap; C:\Windows\System32\DRIVERS\hmatap.sys [45560 2020-07-16] (Privax Limited -> The OpenVPN Project)
R3 nlwt; C:\Windows\System32\DRIVERS\nlwt.sys [29888 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\Windows\System32\DRIVERS\nordlwf.sys [29384 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [28160 2020-08-10] (OpenVPN Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapvyprvpn; C:\Windows\System32\DRIVERS\tapvyprvpn.sys [44896 2020-08-10] (Golden Frog, GmbH -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 wintun; C:\Windows\System32\DRIVERS\wintun.sys [29576 2020-12-15] (WireGuard LLC -> WireGuard LLC)
S3 iscFlash; \??\E:\iscflashx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-05 10:45 - 2021-01-05 10:45 - 000011341 _____ C:\Users\Administrator\Desktop\FRST.txt
2021-01-05 10:45 - 2021-01-05 10:45 - 000000000 ____D C:\FRST
2021-01-05 10:45 - 2021-01-05 10:43 - 002286592 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2020-12-27 10:30 - 2021-01-03 14:57 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka (3)
2020-12-26 10:45 - 2020-12-26 10:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2020-12-26 10:44 - 2020-12-26 10:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-24 16:48 - 2020-12-24 16:53 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka (2)
2020-12-23 10:03 - 2020-12-30 13:47 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka
2020-12-17 15:25 - 2020-12-17 15:25 - 000000000 ____D C:\Program Files\Samsung
2020-12-17 15:25 - 2019-12-17 11:50 - 000166760 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2020-12-17 15:25 - 2019-12-17 11:50 - 000136040 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2020-12-17 15:24 - 2020-12-17 15:24 - 000000000 ____D C:\ProgramData\Samsung
2020-12-16 09:23 - 2020-12-16 09:23 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2020-12-16 09:23 - 2020-12-16 09:23 - 000001760 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-12-16 09:23 - 2020-12-16 09:23 - 000001760 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-12-16 09:23 - 2020-12-16 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-12-16 09:23 - 2020-12-16 09:23 - 000000000 ____D C:\Program Files\iTunes
2020-12-16 09:23 - 2020-12-16 09:23 - 000000000 ____D C:\Program Files\iPod
2020-12-16 09:23 - 2020-12-16 09:23 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2020-12-15 10:28 - 2020-12-16 09:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2020-12-15 10:28 - 2020-12-15 10:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2020-12-15 10:27 - 2020-12-15 10:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple
2020-12-15 10:27 - 2020-12-15 10:27 - 000000000 ____D C:\Program Files\Bonjour
2020-12-15 10:27 - 2020-12-15 10:27 - 000000000 ____D C:\Program Files (x86)\Bonjour
2020-12-15 10:25 - 2020-12-15 10:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Golden_Frog,_GmbH
2020-12-15 10:25 - 2020-12-15 10:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Golden Frog, GmbH
2020-12-15 10:24 - 2020-12-15 10:24 - 000029576 ____T (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2020-12-15 10:24 - 2020-12-15 10:24 - 000001004 _____ C:\Users\Public\Desktop\VyprVPN.lnk
2020-12-15 10:24 - 2020-12-15 10:24 - 000001004 _____ C:\ProgramData\Desktop\VyprVPN.lnk
2020-12-15 10:24 - 2020-12-15 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Golden Frog, GmbH
2020-12-15 10:24 - 2020-12-15 10:24 - 000000000 ____D C:\ProgramData\Golden Frog, GmbH
2020-12-15 10:23 - 2020-12-15 10:24 - 000000000 ____D C:\Program Files (x86)\VyprVPN
2020-12-11 17:05 - 2020-12-11 17:05 - 000001584 _____ C:\Users\Administrator\AppData\Local\recently-used.xbel
2020-12-11 16:59 - 2020-12-11 17:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\babl-0.1
2020-12-11 16:59 - 2020-12-11 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\GIMP
2020-12-11 16:59 - 2020-12-11 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Local\GIMP
2020-12-11 16:59 - 2020-12-11 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Local\gegl-0.4
2020-12-11 16:54 - 2020-12-11 17:07 - 000000000 ____D C:\Program Files\GIMP 2
2020-12-06 16:13 - 2020-12-06 16:13 - 000001090 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-12-06 16:13 - 2020-12-06 16:13 - 000001090 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\VS Revo Group
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-06 16:13 - 2020-09-29 09:54 - 000047280 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-05 07:31 - 2020-09-16 08:56 - 000000000 ____D C:\Program Files\CCleaner
2021-01-05 07:29 - 2009-07-14 05:45 - 000032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-05 07:29 - 2009-07-14 05:45 - 000032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-05 07:26 - 2011-04-12 09:34 - 000647494 _____ C:\Windows\system32\perfh005.dat
2021-01-05 07:26 - 2011-04-12 09:34 - 000132822 _____ C:\Windows\system32\perfc005.dat
2021-01-05 07:26 - 2009-07-14 06:13 - 001523392 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-05 07:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-01-05 07:21 - 2020-08-15 13:58 - 000003882 _____ C:\Windows\system32\Tasks\HMA VPN Update
2021-01-05 07:21 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-04 10:21 - 2020-10-24 14:42 - 000000000 ____D C:\Program Files (x86)\3uTools
2021-01-01 16:36 - 2020-08-30 10:53 - 000000412 __RSH C:\ProgramData\ntuser.pol
2020-12-26 22:00 - 2020-08-15 10:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2020-12-26 18:04 - 2020-08-15 10:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2020-12-26 17:11 - 2020-08-15 10:56 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\uTorrent
2020-12-26 17:11 - 2020-08-15 10:56 - 000000000 ____D C:\Users\Administrator\AppData\Local\BitTorrentHelper
2020-12-24 16:39 - 2020-08-15 11:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ICQ
2020-12-16 16:15 - 2020-08-15 10:30 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2020-12-16 15:58 - 2020-10-19 16:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-16 09:22 - 2020-08-15 13:50 - 000000000 ____D C:\Program Files\Common Files\Apple
2020-12-16 09:20 - 2020-08-15 11:10 - 000000000 ____D C:\ProgramData\Apple
2020-12-15 10:24 - 2020-08-15 13:46 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-12 12:52 - 2020-09-16 08:56 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-12-12 12:52 - 2020-09-16 08:56 - 000000835 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-12-12 12:52 - 2020-09-16 08:56 - 000000835 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-12-08 09:29 - 2020-08-15 10:28 - 000002237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-08 09:29 - 2020-08-15 10:28 - 000002196 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-08 09:29 - 2020-08-15 10:28 - 000002196 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-06 16:16 - 2020-08-15 13:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\IPVanish

==================== Files in the root of some directories ========

2020-12-11 17:05 - 2020-12-11 17:05 - 000001584 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-02 10:06
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by ASUS (05-01-2021 10:46:22)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2020-08-15 09:10:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ASUS (S-1-5-21-957794653-3658390102-4247516689-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-957794653-3658390102-4247516689-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-957794653-3658390102-4247516689-500\...\uTorrent) (Version: 3.5.5.45776 - BitTorrent Inc.)
3uTools (HKLM-x32\...\3uTools) (Version: 2.55.012 - ShangHai ZhangZheng Network Technology Co., Ltd.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AltServer (HKLM-x32\...\{F6FFD3DD-A872-4F18-BD81-334A52EF9BFE}) (Version: 1.4.1 - Riley Testut)
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
balenaEtcher 1.5.109 (HKU\S-1-5-21-957794653-3658390102-4247516689-500\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.109 - Balena Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.13.0.1371 - Disc Soft Ltd)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
HMA VPN (HKLM\...\Privax HMA) (Version: 5.3.5263.1100 - Privax)
HxD Hex Editor 2.4 (HKLM\...\HxD_is1) (Version: 2.4 - Maël Hörz)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
ICQ New (verze 10.0.43158) (HKU\S-1-5-21-957794653-3658390102-4247516689-500\...\icq.desktop) (Version: 10.0.43158 - Mail.ru LLC)
InstallWintun (HKLM\...\{FE2AA480-D491-4272-92BC-EAE2101B8B94}) (Version: 1.0.0 - WireGuard LLC) Hidden
IPVanish (HKLM\...\{C9EB342E-66CA-4EAC-893E-C9BF85D41758}) (Version: 3.6.1.0 - Mudhook Marketing, Inc) Hidden
IPVanish (HKLM-x32\...\{4e1fc03e-40ca-4a95-bfbb-8527987dce24}) (Version: 3.6.1.0 - Mudhook Marketing, Inc)
iTunes (HKLM\...\{6B5E1BB0-7219-47AC-AA8C-9C2C9950E1E5}) (Version: 12.10.10.2 - Apple Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x64 cs)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.31.13.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{73EC9EBF-8350-4C38-9262-3CB464532FA9}) (Version: 1.0.0 - NordVPN)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.3.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.8 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.23.0 - Samsung Electronics Co., Ltd.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.9.4 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 4.1.0.10541 - Golden Frog, GmbH.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2020-08-10 15:28 - 2020-08-10 15:28 - 000101888 _____ () [File not signed] [File is in use] C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll
2020-10-12 18:55 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-03-27 22:48 - 2019-03-27 22:48 - 000115200 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-957794653-3658390102-4247516689-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-957794653-3658390102-4247516689-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: AltServer => C:\Program Files (x86)\AltServer\AltServer.exe
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: ExpressVPNNotificationService => "C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe"
MSCONFIG\startupreg: iCloud => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MiPhoneManager => "C:\Users\Administrator\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CED1911A-951C-4A8D-9276-F825AA4AA1B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{198A0174-A249-4D41-94A5-00510DC7C4EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{416C8019-C7D0-4CEB-920F-ADE4C72A4B41}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2E029800-933B-4D1B-9138-3CD7DACB591B}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F7A46B10-026E-45D4-AB0D-21CE1BFE0A7E}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{94EBA9EE-9C51-4EAA-9EA6-4042F8BBAFD7}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{A0AC10EE-2B96-417E-B463-46676C190A23}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{747BA921-5698-4FC0-8110-18C16D30E074}] => (Allow) LPort=80
FirewallRules: [{BFA7C10F-6325-473A-9F32-8AC828DFE75D}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{50C0925F-06D9-4972-B2ED-F16E47B10AF6}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:97.43 GB) (Free:51.01 GB) (52%)
Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-VyprVPN Adapter V9
Description: TAP-VyprVPN Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-VyprVPN Provider V9
Service: tapvyprvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HL-DT-ST DVDRAM GT34N ATA Device
Description: Jednotka CD-ROM
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní jednotky CD-ROM)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR9285 – adaptér bezdrátové sítě
Description: Atheros AR9285 – adaptér bezdrátové sítě
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: BT-270
Description: BT-270
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/05/2021 07:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/04/2021 01:50:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 87.0.4280.88 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 13d0

Čas spuštění: 01d6e297cca4d29d

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: 60989264-4e8b-11eb-bd30-bcaec535cdc5

Error: (01/04/2021 08:02:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/03/2021 02:04:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE verze 6.1.7601.23537 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 578

Čas spuštění: 01d6e19e6e3c2d2d

Čas ukončení: 18

Cesta k aplikaci: C:\Windows\Explorer.EXE

ID hlášení: 31f4cb2e-4dc4-11eb-b0dc-bcaec535cdc5

Error: (01/03/2021 09:34:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 87.0.4280.88 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 564

Čas spuštění: 01d6e1ab04117c52

Čas ukončení: 9

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: 80aec424-4d9e-11eb-b0dc-bcaec535cdc5

Error: (01/03/2021 08:02:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/02/2021 08:02:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2021 04:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (01/05/2021 07:22:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (01/04/2021 10:11:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba nordvpn-service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/04/2021 01:50:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/04/2021 08:02:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (01/03/2021 10:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VyprVPN byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/03/2021 10:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba nordvpn-service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/03/2021 09:34:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/03/2021 08:03:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom


==================== Memory info ===========================

BIOS: American Megatrends Inc. K52De.210 01/27/2011
Motherboard: ASUSTeK Computer Inc. K52De
Processor: AMD Athlon(tm) II P360 Dual-Core Processor
Percentage of memory in use: 42%
Total physical RAM: 6141.84 MB
Available physical RAM: 3521.27 MB
Total Virtual: 12281.81 MB
Available Virtual: 9643.7 MB

==================== Drives ================================

Drive c: (Windows 7 SSD) (Fixed) (Total:97.43 GB) (Free:51.01 GB) NTFS
Drive d: (Dokumenty SSD) (Fixed) (Total:140.82 GB) (Free:55.19 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

samsungs6edge
Visitor
Posts: 134
Joined: 26 May 2017 14:48

Re: Notebook slow when working with photos

#3 Post by samsungs6edge »

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-12-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-05-2021
# Duration: 00:00:22
# OS: Windows 7 Professional
# Scanned: 31930
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Notebook slow when working with photos

#4 Post by Conder »

Hi :)

:arrow: No antivirus is installed on the PC, and Windows Firewall is turned off as well. I recommend installing one.

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    ExportKey: HKLM\System\CurrentControlSet\Services\VSS
    PowerShell: Get-Service -Name VSS | Select *
    
    BootExecute: autocheck autochk * icarus_rvrt.exe
    CHR HKLM-x32\...\Chrome\Extension: [makcojoppodhcgmmchohadhpkicoafka]
    S3 iscFlash; \??\E:\iscflashx64.sys [X]
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents and paste them into your next reply
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data (documents, photos and so on) backed up.

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

samsungs6edge
Visitor
Posts: 134
Joined: 26 May 2017 14:48

Re: Notebook slow when working with photos

#5 Post by samsungs6edge »

Here is the log

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by ASUS (06-01-2021 10:31:36) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: ASUS
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
ExportKey: HKLM\System\CurrentControlSet\Services\VSS
PowerShell: Get-Service -Name VSS | Select *

BootExecute: autocheck autochk * icarus_rvrt.exe
CHR HKLM-x32\...\Chrome\Extension: [makcojoppodhcgmmchohadhpkicoafka]
S3 iscFlash; \??\E:\iscflashx64.sys [X]

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 76
Average :
Sum : 115053261
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========

================== ExportKey: ===================

[HKLM\System\CurrentControlSet\Services\VSS]
"DisplayName"="@%systemroot%\system32\vssvc.exe,-102"
"ImagePath"="%systemroot%\system32\vssvc.exe"
"Description"="@%systemroot%\system32\vssvc.exe,-101"
"ObjectName"="LocalSystem"
"ErrorControl"="1"
"Start"="3"
"Type"="16"
"DependOnService"="RPCSS"
"ServiceSidType"="1"
[HKLM\System\CurrentControlSet\Services\VSS\Diag]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\SPP]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\SystemRestore]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\BITS Writer]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\System Writer]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\VolSnap]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\WMI Writer]
[HKLM\System\CurrentControlSet\Services\VSS\Providers]
[HKLM\System\CurrentControlSet\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}]
""="Microsoft Software Shadow Copy provider 1.0"
"Type"="1"
"Version"="1.0.0.7"
"VersionId"="{00000001-0000-0000-0007-000000000001}"
[HKLM\System\CurrentControlSet\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID]
""="{65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}"
[HKLM\System\CurrentControlSet\Services\VSS\Settings]
[HKLM\System\CurrentControlSet\Services\VSS\Settings\WritersBlockingRevert]
"{2707761B-2324-473D-88EB-EB007A359533}"="DFS-R Writer"
"{D76F5A28-3092-4589-BA48-2958FB88CE29}"="FRS Writer"
"{B2014C9E-8711-4C5C-A5A9-3CF384484757}"="AD Writer"
"{DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}"="ADAM Writer"
"TornComponentsBlockRevert"="1"
[HKLM\System\CurrentControlSet\Services\VSS\VssAccessControl]
"NT Authority\NetworkService"="1"

=== End of ExportKey ===

========= Get-Service -Name VSS | Select * =========



Name : VSS
RequiredServices : {RPCSS}
CanPauseAndContinue : False
CanShutdown : False
CanStop : False
DisplayName : Stínová kopie svazku
DependentServices : {}
MachineName : .
ServiceName : VSS
ServicesDependedOn : {RPCSS}
ServiceHandle : SafeServiceHandle
Status : Stopped
ServiceType : Win32OwnProcess
Site :
Container :


========= End of Powershell: =========

HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\makcojoppodhcgmmchohadhpkicoafka => removed successfully
HKLM\System\CurrentControlSet\Services\iscFlash => removed successfully
iscFlash => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 129727277 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1310279 B
Edge => 0 B
Chrome => 519252626 B
Firefox => 1098162294 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100016 B
systemprofile32 => 166311 B
LocalService => 232539 B
NetworkService => 232539 B
ASUS => 375899 B
Administrator => 930892596 B

RecycleBin => 41938 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:32:18 ====

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Notebook slow when working with photos

#6 Post by Conder »

:arrow: Run a system file integrity check:
  • Open Start, type "cmd" (without the quotes), right-click Command Prompt and click Run as administrator
  • Copy and run the command:

    sfc /scannow
  • When it finishes, copy and run this command:

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
  • A file sfcdetails.txt will be created on the desktop; pack it into a RAR or ZIP archive and send it as an attachment to your next post
  • Restart the PC and describe how the PC behaves

samsungs6edge
Visitor
Posts: 134
Joined: 26 May 2017 14:48

Re: Notebook slow when working with photos

#7 Post by samsungs6edge »

I am sending you the file as an attachment
Attachments
sfcdetails.rar
(1.55 KiB) Downloaded 55 times

samsungs6edge
Visitor
Posts: 134
Joined: 26 May 2017 14:48

Re: Notebook slow when working with photos

#8 Post by samsungs6edge »

The problem should be resolved. Thank you for the help.

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Notebook slow when working with photos

#9 Post by Conder »

:arrow: So let's also clean up after the tools that were used:

samsungs6edge
Visitor
Posts: 134
Joined: 26 May 2017 14:48

Re: Notebook slow when working with photos

#10 Post by samsungs6edge »

Done, thank you very much for the help.

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: Notebook slow when working with photos

#11 Post by Conder »

You're welcome, glad I could help :)