VIRY.CZ

Dobrý den mám notebook kde je Windows 7 Pro. Dříve vše fungovalo na 100%, ale poslední 2 měsíce se setkávám s tímto problémem, když otevřu složku s fotkami a pravým tlačítkem na myši dám otočit fotku nebo i vlastnosti tak se pouze točí kurzor myši a dále se nic neprovede. Můžete mě prosím zkontrolovat níže poslané logy? Děkuji za vaši pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-12-2020
Ran by ASUS (administrator) on ASUS-PC (ASUSTeK Computer Inc. K52De) (05-01-2021 10:45:24)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: ASUS
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTeK Computer Inc. -> ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Golden Frog, GmbH.) [File not signed] C:\Program Files (x86)\VyprVPN\VyprVPNService.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Privax Limited -> Privax Limited) C:\Program Files\Privax\HMA VPN\VpnSvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(TEFINCOM S.A. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2019-06-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6806144 2010-06-24] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-05-03] (ASUSTeK Computer Inc. -> ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUSTeK Computer Inc. -> ASUS)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-08] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * icarus_rvrt.exe
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {156A60DC-64FD-4E68-9C2B-2BA95E54F788} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1D73BD59-6E9F-4A20-8EB2-95063ECD0AA1} - System32\Tasks\HMA VPN Update => C:\Program Files\Privax\HMA VPN\VpnUpdate.exe [1275720 2020-11-24] (Privax Limited -> Privax Limited)
Task: {42708DDB-89F8-4882-89A9-E87342DD7FB9} - System32\Tasks\Privax\HMA VPN Update => C:\Program Files\Common Files\Privax\Icarus\privax-vpn\icarus.exe [5479824 2020-11-19] (Privax Limited -> Privax Limited)
Task: {C01AF94E-D611-4A43-B5C6-33B03A371CC0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C2055F98-DCB2-4426-943B-7411F4311345} - System32\Tasks\Privax\HMA VPN Bug Report => C:\Program Files\Privax\HMA VPN\AvBugReport.exe [4663112 2020-11-24] (Privax Limited -> Privax Limited) -> --filter "*.dmp;*.mdmp;icarus.log" --send "dumps|report" --silent --product 78 --programpath "C:\Program Files\Privax\HMA VPN" --configpath "C:\ProgramData\Privax\HMA VPN" --path "C:\ProgramData\Privax\HMA VPN\log" --path "C:\ProgramData\Privax\Icarus\Logs" --guid 3048f52c-2c0f-4821-a7d8-e3fc99449d62
Task: {CA710A94-EE44-4A47-82CF-B312A7642D67} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-15] (Google LLC -> Google LLC)
Task: {E2F8253B-9BB2-4464-AE48-8F2F8BDF6423} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-08-15] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1EC790A7-A597-4911-B474-5FDCFB47C749}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B84CBC3F-0EF3-4383-A9CC-E03D99F59C93}: [NameServer] 100.120.66.1
Tcpip\..\Interfaces\{C65EB574-8DD7-4E32-9F13-FE05AF6EE1EB}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF DefaultProfile: 6k7q4gvg.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6k7q4gvg.default [2020-08-15]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\cfrlh2d6.default-release [2020-12-26]
FF DownloadDir: D:\Download Mozilla
FF Homepage: Mozilla\Firefox\Profiles\cfrlh2d6.default-release -> www.seznam.cz
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2021-01-05]
CHR DownloadDir: D:\Stažené soubory
CHR Notifications: Default -> hxxps://www.facebook.com
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Extension: (AdvBlocker AdBlocker) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjbaljgolmlcmmklmmeafecikidmjpi [2020-09-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-08-15]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-11-20]
CHR HKLM-x32\...\Chrome\Extension: [makcojoppodhcgmmchohadhpkicoafka]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-24] (Apple Inc. -> Apple Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4582080 2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 HmaProVpn; C:\Program Files\Privax\HMA VPN\VpnSvc.exe [7676744 2020-11-24] (Privax Limited -> Privax Limited)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [269584 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-12-17] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933304 2019-12-17] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13147152 2020-08-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 VyprVPN; C:\Program Files (x86)\VyprVPN\VyprVPNService.exe [407040 2020-08-10] (Golden Frog, GmbH.) [File not signed]
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1394688 2009-06-20] (Microsoft Windows -> Atheros Communications, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [42256 2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [59360 2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 hmatap; C:\Windows\System32\DRIVERS\hmatap.sys [45560 2020-07-16] (Privax Limited -> The OpenVPN Project)
R3 nlwt; C:\Windows\System32\DRIVERS\nlwt.sys [29888 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\Windows\System32\DRIVERS\nordlwf.sys [29384 2020-08-05] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166760 2019-12-17] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [28160 2020-08-10] (OpenVPN Inc. -> The OpenVPN Project)
R3 tapnordvpn; C:\Windows\System32\DRIVERS\tapnordvpn.sys [35592 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapvyprvpn; C:\Windows\System32\DRIVERS\tapvyprvpn.sys [44896 2020-08-10] (Golden Frog, GmbH -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 wintun; C:\Windows\System32\DRIVERS\wintun.sys [29576 2020-12-15] (WireGuard LLC -> WireGuard LLC)
S3 iscFlash; \??\E:\iscflashx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-05 10:45 - 2021-01-05 10:45 - 000011341 _____ C:\Users\Administrator\Desktop\FRST.txt
2021-01-05 10:45 - 2021-01-05 10:45 - 000000000 ____D C:\FRST
2021-01-05 10:45 - 2021-01-05 10:43 - 002286592 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2020-12-27 10:30 - 2021-01-03 14:57 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka (3)
2020-12-26 10:45 - 2020-12-26 10:45 - 000000000 ____D C:\Users\Administrator\AppData\Local\mbam
2020-12-26 10:44 - 2020-12-26 10:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-24 16:48 - 2020-12-24 16:53 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka (2)
2020-12-23 10:03 - 2020-12-30 13:47 - 000000000 ____D C:\Users\Administrator\Desktop\Nová složka
2020-12-17 15:25 - 2020-12-17 15:25 - 000000000 ____D C:\Program Files\Samsung
2020-12-17 15:25 - 2019-12-17 11:50 - 000166760 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2020-12-17 15:25 - 2019-12-17 11:50 - 000136040 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2020-12-17 15:24 - 2020-12-17 15:24 - 000000000 ____D C:\ProgramData\Samsung
2020-12-16 09:23 - 2020-12-16 09:23 - 000002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2020-12-16 09:23 - 2020-12-16 09:23 - 000001760 _____ C:\Users\Public\Desktop\iTunes.lnk
2020-12-16 09:23 - 2020-12-16 09:23 - 000001760 _____ C:\ProgramData\Desktop\iTunes.lnk
2020-12-16 09:23 - 2020-12-16 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2020-12-16 09:23 - 2020-12-16 09:23 - 000000000 ____D C:\Program Files\iTunes
2020-12-16 09:23 - 2020-12-16 09:23 - 000000000 ____D C:\Program Files\iPod
2020-12-16 09:23 - 2020-12-16 09:23 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2020-12-15 10:28 - 2020-12-16 09:27 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2020-12-15 10:28 - 2020-12-15 10:28 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple Computer
2020-12-15 10:27 - 2020-12-15 10:27 - 000000000 ____D C:\Users\Administrator\AppData\Local\Apple
2020-12-15 10:27 - 2020-12-15 10:27 - 000000000 ____D C:\Program Files\Bonjour
2020-12-15 10:27 - 2020-12-15 10:27 - 000000000 ____D C:\Program Files (x86)\Bonjour
2020-12-15 10:25 - 2020-12-15 10:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Golden_Frog,_GmbH
2020-12-15 10:25 - 2020-12-15 10:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\Golden Frog, GmbH
2020-12-15 10:24 - 2020-12-15 10:24 - 000029576 ____T (WireGuard LLC) C:\Windows\system32\Drivers\wintun.sys
2020-12-15 10:24 - 2020-12-15 10:24 - 000001004 _____ C:\Users\Public\Desktop\VyprVPN.lnk
2020-12-15 10:24 - 2020-12-15 10:24 - 000001004 _____ C:\ProgramData\Desktop\VyprVPN.lnk
2020-12-15 10:24 - 2020-12-15 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Golden Frog, GmbH
2020-12-15 10:24 - 2020-12-15 10:24 - 000000000 ____D C:\ProgramData\Golden Frog, GmbH
2020-12-15 10:23 - 2020-12-15 10:24 - 000000000 ____D C:\Program Files (x86)\VyprVPN
2020-12-11 17:05 - 2020-12-11 17:05 - 000001584 _____ C:\Users\Administrator\AppData\Local\recently-used.xbel
2020-12-11 16:59 - 2020-12-11 17:07 - 000000000 ____D C:\Users\Administrator\AppData\Local\babl-0.1
2020-12-11 16:59 - 2020-12-11 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\GIMP
2020-12-11 16:59 - 2020-12-11 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Local\GIMP
2020-12-11 16:59 - 2020-12-11 16:59 - 000000000 ____D C:\Users\Administrator\AppData\Local\gegl-0.4
2020-12-11 16:54 - 2020-12-11 17:07 - 000000000 ____D C:\Program Files\GIMP 2
2020-12-06 16:13 - 2020-12-06 16:13 - 000001090 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2020-12-06 16:13 - 2020-12-06 16:13 - 000001090 _____ C:\ProgramData\Desktop\Revo Uninstaller Pro.lnk
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\VS Revo Group
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\ProgramData\VS Revo Group
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2020-12-06 16:13 - 2020-12-06 16:13 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-06 16:13 - 2020-09-29 09:54 - 000047280 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-05 07:31 - 2020-09-16 08:56 - 000000000 ____D C:\Program Files\CCleaner
2021-01-05 07:29 - 2009-07-14 05:45 - 000032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-05 07:29 - 2009-07-14 05:45 - 000032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-05 07:26 - 2011-04-12 09:34 - 000647494 _____ C:\Windows\system32\perfh005.dat
2021-01-05 07:26 - 2011-04-12 09:34 - 000132822 _____ C:\Windows\system32\perfc005.dat
2021-01-05 07:26 - 2009-07-14 06:13 - 001523392 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-05 07:26 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2021-01-05 07:21 - 2020-08-15 13:58 - 000003882 _____ C:\Windows\system32\Tasks\HMA VPN Update
2021-01-05 07:21 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-04 10:21 - 2020-10-24 14:42 - 000000000 ____D C:\Program Files (x86)\3uTools
2021-01-01 16:36 - 2020-08-30 10:53 - 000000412 __RSH C:\ProgramData\ntuser.pol
2020-12-26 22:00 - 2020-08-15 10:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2020-12-26 18:04 - 2020-08-15 10:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\vlc
2020-12-26 17:11 - 2020-08-15 10:56 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\uTorrent
2020-12-26 17:11 - 2020-08-15 10:56 - 000000000 ____D C:\Users\Administrator\AppData\Local\BitTorrentHelper
2020-12-24 16:39 - 2020-08-15 11:19 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\ICQ
2020-12-16 16:15 - 2020-08-15 10:30 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2020-12-16 15:58 - 2020-10-19 16:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-16 09:22 - 2020-08-15 13:50 - 000000000 ____D C:\Program Files\Common Files\Apple
2020-12-16 09:20 - 2020-08-15 11:10 - 000000000 ____D C:\ProgramData\Apple
2020-12-15 10:24 - 2020-08-15 13:46 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-12 12:52 - 2020-09-16 08:56 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-12-12 12:52 - 2020-09-16 08:56 - 000000835 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-12-12 12:52 - 2020-09-16 08:56 - 000000835 _____ C:\ProgramData\Desktop\CCleaner.lnk
2020-12-08 09:29 - 2020-08-15 10:28 - 000002237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-08 09:29 - 2020-08-15 10:28 - 000002196 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-08 09:29 - 2020-08-15 10:28 - 000002196 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-12-06 16:16 - 2020-08-15 13:47 - 000000000 ____D C:\Users\Administrator\AppData\Local\IPVanish

==================== Files in the root of some directories ========

2020-12-11 17:05 - 2020-12-11 17:05 - 000001584 _____ () C:\Users\Administrator\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-02 10:06
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2020
Ran by ASUS (05-01-2021 10:46:22)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2020-08-15 09:10:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ASUS (S-1-5-21-957794653-3658390102-4247516689-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-957794653-3658390102-4247516689-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-957794653-3658390102-4247516689-500\...\uTorrent) (Version: 3.5.5.45776 - BitTorrent Inc.)
3uTools (HKLM-x32\...\3uTools) (Version: 2.55.012 - ShangHai ZhangZheng Network Technology Co., Ltd.)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AltServer (HKLM-x32\...\{F6FFD3DD-A872-4F18-BD81-334A52EF9BFE}) (Version: 1.4.1 - Riley Testut)
AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{F9CEF01A-3907-4614-824F-CF5D3E4675EF}) (Version: 14.1.0.35 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0005 - ASUS)
balenaEtcher 1.5.109 (HKU\S-1-5-21-957794653-3658390102-4247516689-500\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Version: 1.5.109 - Balena Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.13.0.1371 - Disc Soft Ltd)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
ETDWare PS/2-x64 7.0.5.11_WHQL (HKLM\...\Elantech) (Version: 7.0.5.11 - ELAN Microelectronics Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
HMA VPN (HKLM\...\Privax HMA) (Version: 5.3.5263.1100 - Privax)
HxD Hex Editor 2.4 (HKLM\...\HxD_is1) (Version: 2.4 - Maël Hörz)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
ICQ New (verze 10.0.43158) (HKU\S-1-5-21-957794653-3658390102-4247516689-500\...\icq.desktop) (Version: 10.0.43158 - Mail.ru LLC)
InstallWintun (HKLM\...\{FE2AA480-D491-4272-92BC-EAE2101B8B94}) (Version: 1.0.0 - WireGuard LLC) Hidden
IPVanish (HKLM\...\{C9EB342E-66CA-4EAC-893E-C9BF85D41758}) (Version: 3.6.1.0 - Mudhook Marketing, Inc) Hidden
IPVanish (HKLM-x32\...\{4e1fc03e-40ca-4a95-bfbb-8527987dce24}) (Version: 3.6.1.0 - Mudhook Marketing, Inc)
iTunes (HKLM\...\{6B5E1BB0-7219-47AC-AA8C-9C2C9950E1E5}) (Version: 12.10.10.2 - Apple Inc.)
Microsoft .NET Framework 4.8 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Mozilla Firefox 81.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 81.0.2 (x64 cs)) (Version: 81.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
NordVPN (HKLM\...\{19465C24-3D5D-4327-B99F-3CC0A1D38151}_is1) (Version: 6.31.13.0 - TEFINCOM S.A.)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{73EC9EBF-8350-4C38-9262-3CB464532FA9}) (Version: 1.0.0 - NordVPN)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6110 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.3.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.8 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.23.0 - Samsung Electronics Co., Ltd.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.9.4 - TeamViewer)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
VyprVPN (HKLM\...\{526B3DDC-6891-4F43-8F64-8B83DC9E4848}) (Version: 4.1.0.10541 - Golden Frog, GmbH.)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-08-15] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2020-09-28] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2020-08-10 15:28 - 2020-08-10 15:28 - 000101888 _____ () [File not signed] [File is in use] C:\Program Files (x86)\VyprVPN\GoldenFrogWFP.dll
2020-10-12 18:55 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-03-27 22:48 - 2019-03-27 22:48 - 000115200 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 8) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-957794653-3658390102-4247516689-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/cs-cz/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-957794653-3658390102-4247516689-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupreg: AltServer => C:\Program Files (x86)\AltServer\AltServer.exe
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: ETDWare => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: ExpressVPNNotificationService => "C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe"
MSCONFIG\startupreg: iCloud => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MiPhoneManager => "C:\Users\Administrator\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{CED1911A-951C-4A8D-9276-F825AA4AA1B8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{198A0174-A249-4D41-94A5-00510DC7C4EB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{416C8019-C7D0-4CEB-920F-ADE4C72A4B41}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2E029800-933B-4D1B-9138-3CD7DACB591B}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F7A46B10-026E-45D4-AB0D-21CE1BFE0A7E}] => (Allow) C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{94EBA9EE-9C51-4EAA-9EA6-4042F8BBAFD7}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{A0AC10EE-2B96-417E-B463-46676C190A23}] => (Allow) C:\Program Files (x86)\3uTools\libXunlei\Download\MiniThunderPlatform.exe (ShenZhen Thunder Networking Technologies Ltd. -> 深圳市迅雷网络技术有限公司)
FirewallRules: [{747BA921-5698-4FC0-8110-18C16D30E074}] => (Allow) LPort=80
FirewallRules: [{BFA7C10F-6325-473A-9F32-8AC828DFE75D}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{50C0925F-06D9-4972-B2ED-F16E47B10AF6}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:97.43 GB) (Free:51.01 GB) (52%)
Check "VSS" service


==================== Faulty Device Manager Devices ============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-VyprVPN Adapter V9
Description: TAP-VyprVPN Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-VyprVPN Provider V9
Service: tapvyprvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HL-DT-ST DVDRAM GT34N ATA Device
Description: Jednotka CD-ROM
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní jednotky CD-ROM)
Service: cdrom
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Atheros AR9285 – adaptér bezdrátové sítě
Description: Atheros AR9285 – adaptér bezdrátové sítě
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: BT-270
Description: BT-270
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (01/05/2021 07:22:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/04/2021 01:50:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 87.0.4280.88 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 13d0

Čas spuštění: 01d6e297cca4d29d

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: 60989264-4e8b-11eb-bd30-bcaec535cdc5

Error: (01/04/2021 08:02:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/03/2021 02:04:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE verze 6.1.7601.23537 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 578

Čas spuštění: 01d6e19e6e3c2d2d

Čas ukončení: 18

Cesta k aplikaci: C:\Windows\Explorer.EXE

ID hlášení: 31f4cb2e-4dc4-11eb-b0dc-bcaec535cdc5

Error: (01/03/2021 09:34:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 87.0.4280.88 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 564

Čas spuštění: 01d6e1ab04117c52

Čas ukončení: 9

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: 80aec424-4d9e-11eb-b0dc-bcaec535cdc5

Error: (01/03/2021 08:02:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/02/2021 08:02:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/01/2021 04:43:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (01/05/2021 07:22:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (01/04/2021 10:11:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba nordvpn-service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/04/2021 01:50:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/04/2021 08:02:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (01/03/2021 10:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba VyprVPN byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/03/2021 10:17:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba nordvpn-service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (01/03/2021 09:34:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: Server {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775} se v daném časovém limitu neregistroval u služby DCOM.

Error: (01/03/2021 08:03:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom


==================== Memory info ===========================

BIOS: American Megatrends Inc. K52De.210 01/27/2011
Motherboard: ASUSTeK Computer Inc. K52De
Processor: AMD Athlon(tm) II P360 Dual-Core Processor
Percentage of memory in use: 42%
Total physical RAM: 6141.84 MB
Available physical RAM: 3521.27 MB
Total Virtual: 12281.81 MB
Available Virtual: 9643.7 MB

==================== Drives ================================

Drive c: (Windows 7 SSD) (Fixed) (Total:97.43 GB) (Free:51.01 GB) NTFS
Drive d: (Dokumenty SSD) (Fixed) (Total:140.82 GB) (Free:55.19 GB) NTFS


==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

# -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-12-21.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 01-05-2021
# Duration: 00:00:22
# OS: Windows 7 Professional
# Scanned: 31930
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Ahoj

V PC nie je nainstalovany ziadny antivirus a tiez je vypnuty aj Windows Firewall. Odporucam nejaky nainstalovat.

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  ExportKey: HKLM\System\CurrentControlSet\Services\VSS
  PowerShell: Get-Service -Name VSS | Select *
  
  BootExecute: autocheck autochk * icarus_rvrt.exe
  CHR HKLM-x32\...\Chrome\Extension: [makcojoppodhcgmmchohadhpkicoafka]
  S3 iscFlash; \??\E:\iscflashx64.sys [X]
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah skopiruj a vloz do dalsej odpovede

Zde je log

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by ASUS (06-01-2021 10:31:36) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: ASUS
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
ExportKey: HKLM\System\CurrentControlSet\Services\VSS
PowerShell: Get-Service -Name VSS | Select *

BootExecute: autocheck autochk * icarus_rvrt.exe
CHR HKLM-x32\...\Chrome\Extension: [makcojoppodhcgmmchohadhpkicoafka]
S3 iscFlash; \??\E:\iscflashx64.sys [X]

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 76
Average :
Sum : 115053261
Maximum :
Minimum :
Property : Length


========= End of Powershell: =========

================== ExportKey: ===================

[HKLM\System\CurrentControlSet\Services\VSS]
"DisplayName"="@%systemroot%\system32\vssvc.exe,-102"
"ImagePath"="%systemroot%\system32\vssvc.exe"
"Description"="@%systemroot%\system32\vssvc.exe,-101"
"ObjectName"="LocalSystem"
"ErrorControl"="1"
"Start"="3"
"Type"="16"
"DependOnService"="RPCSS"
"ServiceSidType"="1"
[HKLM\System\CurrentControlSet\Services\VSS\Diag]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\SPP]
"SppGetSnapshots (Enter)"="480000000000000074e81bb447e3d6019c0a0000b4030000d20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SppGetSnapshots (Leave)"="4800000000000000d4491eb447e3d6019c0a0000b4030000d20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SppEnumGroups (Enter)"="4800000000000000d4491eb447e3d6019c0a0000b4030000d10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SppEnumGroups (Leave)"="4800000000000000d4491eb447e3d6019c0a0000b4030000d10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000"
"SppCreate (Enter)"="4800000000000000fbf5aaadeb72d6016410000098120000d00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SppGatherWriterMetadata (Enter)"="4800000000000000dfd8b8adeb72d6016410000098120000d30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SppGatherWriterMetadata (Leave)"="4800000000000000d4dfbeb1eb72d6016410000098120000d30700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SppAddInterestingComponents (Enter)"="4800000000000000d4dfbeb1eb72d6016410000098120000d40700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SppAddInterestingComponents (Leave)"="480000000000000085b9f6b1eb72d6016410000098120000d40700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SppCreate (Leave)"="48000000000000008f7da9beeb72d6016410000098120000d00700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
[HKLM\System\CurrentControlSet\Services\VSS\Diag\SystemRestore]
"SrCreateRp (Enter)"="4800000000000000eaceaaadeb72d6016410000098120000d50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"SrCreateRp (Leave)"="4800000000000000c0f2a9beeb72d6016410000098120000d50700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
[HKLM\System\CurrentControlSet\Services\VSS\Diag\BITS Writer]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\System Writer]
[HKLM\System\CurrentControlSet\Services\VSS\Diag\VolSnap]
"Volume{8a84f30d-a2f5-43b9-a2e7-0161bc6c5c4b}DiscoverSnapshots (Enter)"="4800000000000000e9a4f154fae3d6010000000000000000200000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"Volume{8a84f30d-a2f5-43b9-a2e7-0161bc6c5c4b}DiscoverSnapshots (Leave)"="4800000000000000e9a4f154fae3d6010000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"VolumesSafeForWrite (Enter)"="4800000000000000178c8156fae3d60100000000000000001e0000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
"VolumesSafeForWrite (Leave)"="4800000000000000f8728d56fae3d60100000000000000001f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
[HKLM\System\CurrentControlSet\Services\VSS\Diag\WMI Writer]
[HKLM\System\CurrentControlSet\Services\VSS\Providers]
[HKLM\System\CurrentControlSet\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}]
""="Microsoft Software Shadow Copy provider 1.0"
"Type"="1"
"Version"="1.0.0.7"
"VersionId"="{00000001-0000-0000-0007-000000000001}"
[HKLM\System\CurrentControlSet\Services\VSS\Providers\{b5946137-7b9f-4925-af80-51abd60b20d5}\CLSID]
""="{65EE1DBA-8FF4-4a58-AC1C-3470EE2F376A}"
[HKLM\System\CurrentControlSet\Services\VSS\Settings]
[HKLM\System\CurrentControlSet\Services\VSS\Settings\WritersBlockingRevert]
"{2707761B-2324-473D-88EB-EB007A359533}"="DFS-R Writer"
"{D76F5A28-3092-4589-BA48-2958FB88CE29}"="FRS Writer"
"{B2014C9E-8711-4C5C-A5A9-3CF384484757}"="AD Writer"
"{DD846AAA-A1B6-42a8-AAF8-03DCB6114BFD}"="ADAM Writer"
"TornComponentsBlockRevert"="1"
[HKLM\System\CurrentControlSet\Services\VSS\VssAccessControl]
"NT Authority\NetworkService"="1"

=== End of ExportKey ===

========= Get-Service -Name VSS | Select * =========



Name : VSS
RequiredServices : {RPCSS}
CanPauseAndContinue : False
CanShutdown : False
CanStop : False
DisplayName : Stínová kopie svazku
DependentServices : {}
MachineName : .
ServiceName : VSS
ServicesDependedOn : {RPCSS}
ServiceHandle : SafeServiceHandle
Status : Stopped
ServiceType : Win32OwnProcess
Site :
Container :


========= End of Powershell: =========

HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\makcojoppodhcgmmchohadhpkicoafka => removed successfully
HKLM\System\CurrentControlSet\Services\iscFlash => removed successfully
iscFlash => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 129727277 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 1310279 B
Edge => 0 B
Chrome => 519252626 B
Firefox => 1098162294 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 100016 B
systemprofile32 => 166311 B
LocalService => 232539 B
NetworkService => 232539 B
ASUS => 375899 B
Administrator => 930892596 B

RecycleBin => 41938 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:32:18 ====

Spusti kontrolu integrity systemovych suborov:

• Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca
• Skopiruj a spusti prikaz:

  Kód: Vybrat vše

  sfc /scannow

• Po dokonceni skopiruj a spusti tento prikaz:

  Kód: Vybrat vše

  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"

• Na ploche sa vytvori subor sfcdetails.txt, zabal ho do archivu RAR alebo ZIP a posli ako prilohu k dalsiemu prispevku
• Restartuj PC a napis ako sa chova PC

V příloze vám posílám soubor

Problém by měl být vyřešen. Děkuji za pomoc

Tak este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"

Hotovo děkuji mnohokrát za pomoc.

Nie je zaco, rad som pomohol