Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-07-2020
Ran by Zdenda (administrator) on LAPTOP-V7B727CO (LENOVO 80S2) (28-07-2020 19:49:44)
Running from C:\Users\Zdenda\Desktop
Loaded Profiles: Zdenda
Platform: Windows 10 Home Version 1903 18362.778 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Conexant Systems, Inc. -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe
(CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Huawei Software Technologies Co., LTD. -> ) C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(LENOVO -> Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(LENOVO -> Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.892_none_5efe5b5a590f76dc\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe <2>
(Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Realtek Semiconductor Corp -> ) C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Zdenda\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <4>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation - Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-03] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [230104 2015-07-11] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp. -> CyberLink Corp.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3137808 2020-01-19] (Electronic Arts, Inc. -> Electronic Arts)
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3377440 2020-07-24] (Valve -> Valve Corporation)
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [28990136 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\Canon MG2900 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCB.DLL [30208 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG2900 series: C:\WINDOWS\system32\CNMLMCB.DLL [406016 2014-03-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrmstp.exe [2020-07-28] (Google LLC -> Google LLC)
Startup: C:\Users\Zdenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2018-06-17]
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\Zdenda\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment) [File not signed]
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {007181BA-01A6-4A5A-AC0B-C409C97CA20F} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [56136 2020-06-05] (Lenovo -> Lenovo Group Ltd.)
Task: {06DF46D9-5DE1-4E3F-AE8E-E71A3F07550A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\9537c380-7cb4-499b-9339-c3fc98f4e3af => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80712 2020-06-05] (Lenovo -> Lenovo Group Ltd.)
Task: {1AE63D09-FBD3-4E86-96C9-8B14E303D8D7} - System32\Tasks\Lenovo\SHUpdate => C:\Program Files (x86)\Lenovo\SHAREit\ShareitUpdater.exe [808392 2015-09-26] (LENOVO -> )
Task: {1B7C39A2-9EE1-4D51-9443-BA7F0E3DE522} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5e2224fe-189c-4003-8f0f-004b2d05f8b3 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80712 2020-06-05] (Lenovo -> Lenovo Group Ltd.)
Task: {26B0ADD0-AC38-46C3-8488-258F372D26CA} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664 2015-06-12] (LENOVO -> Lenovo)
Task: {30797686-A5C1-4A31-AF9B-597A63C2CC33} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3291AF14-4C2E-49BD-B600-C7D4803E82FD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\2a6d5ecc-74a4-4e6c-bf55-d11dabb17a9e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80712 2020-06-05] (Lenovo -> Lenovo Group Ltd.)
Task: {3FBF9809-0F0F-4B52-8F0B-63AC4B5A98D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24584376 2020-06-17] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {48DE1037-77AD-414E-9218-D4C0025C33D5} - System32\Tasks\Lenovo\SHPrompt => C:\Program Files (x86)\Lenovo\SHAREit\ShareitPrompt.exe [829384 2015-09-26] (LENOVO -> )
Task: {568C582F-C4CA-400B-975A-E7231DD286DD} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {5F55F109-BB5C-44EB-BE4E-D902B6F9F13F} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [141752 2020-06-18] (Lenovo -> Lenovo Group Ltd.)
Task: {610F48EB-D203-4D32-A037-CDBECAD21164} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [1320384 2015-08-07] (LENOVO -> Lenovo)
Task: {64D0A846-CD3A-481D-8956-36786370CF8B} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\Lenovo\PowerDVD12\PDVD12Serv.exe [85432 2015-09-11] (CyberLink Corp. -> CyberLink Corp.)
Task: {6D48B06E-2AE8-44DE-9012-2FAC7DC14CC1} - System32\Tasks\App Explorer => C:\Users\Zdenda\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7499944 2020-05-13] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION
Task: {7634259F-EDCD-4886-A409-CEFFC44A30DC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7A8ABF21-C663-434A-BCCC-F42E3746B321} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [564664 2015-06-12] (LENOVO -> Lenovo)
Task: {8725DF80-1031-413C-8D0B-05FC5A9716F1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {89AA9454-547E-405E-AED6-AF4E4EB3F538} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [16832 2015-07-07] (LENOVO -> Lenovo)
Task: {8CE6ABC8-B494-41AF-AF28-692055708EE7} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3cc3dd26-21c7-4ce1-87d9-f78b418da940 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80712 2020-06-05] (Lenovo -> Lenovo Group Ltd.)
Task: {8ECE026E-8B64-473F-811C-0D27FB1944E0} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {9357D9D7-9897-4DF9-BDD1-4FB77E169587} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [9476544 2015-08-07] (LENOVO -> )
Task: {9606E5BB-5546-47F6-90DA-B1B3A21DA42F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9BCA3827-E1D3-41DE-A559-B60F4F856A99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.)
Task: {9CF4C4AC-A8A6-4A2D-9785-BE527DAA5389} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [736696 2015-09-30] (CyberLink Corp. -> CyberLink Corp.)
Task: {AAAF58C2-7EDB-41C7-BE0E-75E0BA591598} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {AEBC7CBE-7C0D-4846-813B-E6CE6B08524C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [270272 2015-08-07] (LENOVO -> Lenovo)
Task: {B00962E3-77AA-48B5-A415-22A2E8019A3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C55B44F7-0084-47DA-AFEA-C7EDD662CC03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.)
Task: {D3ECEC92-0FFA-473B-A6AC-227966BFF54D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FDDE519F-E890-45A7-8162-6E5609755AF5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{10472786-fad0-4db8-94f8-e5a06c47b13c}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{b6b79b11-30d2-454e-80a0-b0c15946b26c}: [DhcpNameServer] 150.212.1.3
Internet Explorer:
==================
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-820366760-2656376409-1252331811-1001 -> DefaultScope {59E8965C-0205-4521-948F-FD744D6AC887} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-02-22] (McAfee, LLC -> McAfee, Inc.)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-02-22] (McAfee, LLC -> McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-02-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
Chrome:
=======
CHR Profile: C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default [2020-07-28]
CHR Notifications: Default -> hxxps://joy.pushcrew.com; hxxps://mail.google.com; hxxps://serialy.sledujufilmy.cz; hxxps://sledujufilmy.cz; hxxps://waaw.tv; hxxps://web.skype.com; hxxps://www.bhphotovideo.com; hxxps://www.facebook.com; hxxps://www.flashx.tv; hxxps://www.freefilm.to; hxxps://www.freeserial.to; hxxps://www.gamespot.com; hxxps://www.youtube.com
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee_uninternational&type=E211CZ714G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Extension: (Dokumenty) - C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Disk Google) - C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-28]
CHR Extension: (ZenMate Free VPN–Best VPN for Chrome) - C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2020-07-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-22]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-13]
CHR Extension: (Gmail) - C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\Zdenda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [120024 2015-07-02] (Realtek Semiconductor Corp -> )
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (LENOVO -> Lenovo)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [143584 2016-09-21] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-30] (LENOVO -> Lenovo)
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [191688 2016-05-17] (Huawei Software Technologies Co., LTD. -> )
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373680 2017-05-26] (Intel(R) pGFX -> Intel Corporation)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [80712 2020-06-05] (Lenovo -> Lenovo Group Ltd.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-08-07] (LENOVO -> Lenovo)
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [907224 2020-03-11] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2475312 2020-01-19] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3393848 2020-01-19] (Electronic Arts, Inc. -> Electronic Arts)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-14] (Microsoft Corporation) [File not signed]
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41040 2016-09-21] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronic Corp.)
R3 glavcam; C:\WINDOWS\system32\DRIVERS\glavcam.sys [3476736 2015-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
S3 ldiagio_uefi; C:\Program Files\Lenovo\Lenovo Solution Center\App\ldiag\x64\ldiagio_uefi.sys [24808 2015-04-02] (Lenovo Information Products (Shenzhen) Co.,Ltd -> Lenovo Group Limited (R))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2019-12-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2019-12-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-12] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
S1 frmaltmf; \??\C:\WINDOWS\system32\drivers\frmaltmf.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-28 19:49 - 2020-07-28 19:55 - 000022817 _____ C:\Users\Zdenda\Desktop\FRST.txt
2020-07-28 19:48 - 2020-07-28 19:52 - 000000000 ____D C:\FRST
2020-07-28 19:47 - 2020-07-28 19:57 - 002296320 _____ (Farbar) C:\Users\Zdenda\Desktop\FRST64.exe
2020-07-28 19:30 - 2020-05-15 06:29 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-07-28 19:30 - 2020-05-15 06:10 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-07-28 19:09 - 2020-07-28 19:09 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-07-28 18:26 - 2020-07-28 18:26 - 000010550 _____ C:\Users\Zdenda\Documents\cc_20200728_182608.reg
2020-07-28 18:25 - 2020-07-28 18:25 - 000151094 _____ C:\Users\Zdenda\Documents\cc_20200728_182534.reg
2020-07-28 18:21 - 2020-07-28 18:21 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-07-28 18:21 - 2020-07-28 18:21 - 000002890 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2020-07-28 18:21 - 2020-07-28 18:21 - 000000830 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-07-28 18:21 - 2020-07-28 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2020-07-28 18:20 - 2020-07-28 18:21 - 000000000 ____D C:\Program Files\CCleaner
2020-07-22 22:53 - 2020-07-22 22:53 - 000000000 ____D C:\Users\host\AppData\Local\PlaceholderTileLogoFolder
2020-07-22 22:37 - 2020-07-22 22:37 - 000000000 ___HD C:\Users\host\MicrosoftEdgeBackups
2020-07-22 22:33 - 2020-07-22 22:35 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-820366760-2656376409-1252331811-1004
2020-07-22 22:33 - 2020-07-22 22:35 - 000000000 ___RD C:\Users\host\OneDrive
2020-07-22 22:30 - 2020-07-22 22:30 - 000000000 ____D C:\Users\host\AppData\Local\Comms
2020-07-22 22:19 - 2020-07-22 22:19 - 000000000 ____D C:\Users\host\AppData\Local\CEF
2020-07-22 22:12 - 2020-07-22 22:12 - 000000000 ____D C:\Users\host\AppData\Roaming\LSC
2020-07-22 22:09 - 2020-07-22 22:09 - 000000000 ____D C:\Users\host\AppData\Roaming\Intel Corporation
2020-07-22 22:08 - 2020-07-22 22:08 - 000000000 ____D C:\Users\host\AppData\Local\Power2Go8
2020-07-22 22:07 - 2020-07-22 22:53 - 000000000 ____D C:\Users\host\AppData\Local\MicrosoftEdge
2020-07-22 22:07 - 2020-07-22 22:07 - 000001450 _____ C:\Users\host\Desktop\Microsoft Edge.lnk
2020-07-22 22:04 - 2020-07-22 22:06 - 000000000 ____D C:\Users\host\AppData\Local\Lenovo
2020-07-22 22:04 - 2020-07-22 22:04 - 000000000 ____D C:\Users\host\REACHit
2020-07-22 22:02 - 2020-07-22 22:02 - 000000000 ___RD C:\Users\host\3D Objects
2020-07-22 22:02 - 2020-07-22 22:02 - 000000000 ____D C:\Users\host\AppData\Roaming\Adobe
2020-07-22 22:02 - 2020-07-22 22:02 - 000000000 ____D C:\Users\host\AppData\Local\Publishers
2020-07-22 22:02 - 2020-07-22 22:02 - 000000000 ____D C:\Users\host\AppData\Local\Google
2020-07-22 22:02 - 2020-07-22 22:02 - 000000000 ____D C:\Users\host\AppData\Local\CyberLink
2020-07-22 22:01 - 2020-07-28 18:10 - 000000000 __SHD C:\Users\host\IntelGraphicsProfiles
2020-07-22 22:01 - 2020-07-22 22:52 - 000000000 ____D C:\Users\host\AppData\Local\Packages
2020-07-22 22:01 - 2020-07-22 22:03 - 000000000 ____D C:\Users\host\AppData\Local\ConnectedDevicesPlatform
2020-07-22 22:01 - 2020-07-22 22:01 - 000000020 ___SH C:\Users\host\ntuser.ini
2020-07-22 22:01 - 2020-07-22 22:01 - 000000000 ____D C:\Users\host\Documents\My Bluetooth
2020-07-22 22:01 - 2020-07-22 22:01 - 000000000 ____D C:\Users\host\AppData\Local\VirtualStore
2020-07-22 22:01 - 2020-07-22 22:01 - 000000000 ____D C:\Users\host\AppData\Local\AVAST Software
2020-07-22 22:00 - 2020-07-28 18:18 - 000000000 ____D C:\Users\host\AppData\Local\Host App Service
2020-07-22 22:00 - 2020-07-22 22:37 - 000000000 ____D C:\Users\host
2020-07-22 22:00 - 2020-07-22 22:35 - 000002365 _____ C:\Users\host\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-22 19:36 - 2020-07-22 20:22 - 000000000 ____D C:\Users\Zdenda\AppData\Local\D3DSCache
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-28 19:55 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-28 19:36 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-28 19:36 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-28 19:36 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-28 19:33 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-07-28 19:21 - 2019-10-28 12:44 - 000000000 ____D C:\Program Files (x86)\Steam
2020-07-28 19:16 - 2019-09-11 20:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-28 19:16 - 2017-07-15 12:02 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2020-07-28 19:16 - 2016-12-28 10:11 - 000000000 __SHD C:\Users\Zdenda\IntelGraphicsProfiles
2020-07-28 19:15 - 2019-03-19 06:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2020-07-28 19:14 - 2016-12-29 10:02 - 120636720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-07-28 19:14 - 2016-12-29 10:02 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-07-28 19:09 - 2016-03-04 22:09 - 000000000 ____D C:\ProgramData\McAfee
2020-07-28 19:03 - 2019-09-11 20:23 - 000004212 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{8A7CE30D-39EE-4050-B8F3-1ACAF60550E3}
2020-07-28 19:03 - 2016-12-28 10:10 - 000000000 ____D C:\Users\Zdenda\AppData\Local\Host App Service
2020-07-28 18:59 - 2016-12-29 09:44 - 000000000 ____D C:\Users\Zdenda\AppData\Roaming\Skype
2020-07-28 18:33 - 2020-03-11 20:57 - 000000000 ____D C:\WINDOWS\Minidump
2020-07-28 18:33 - 2019-08-08 10:13 - 000000000 ___DC C:\WINDOWS\Panther
2020-07-28 18:33 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-07-28 18:33 - 2018-07-22 10:57 - 000000000 ____D C:\Users\Zdenda\AppData\Local\CrashDumps
2020-07-28 18:33 - 2018-01-29 18:21 - 000000000 ____D C:\Users\Zdenda\AppData\Roaming\TS3Client
2020-07-28 18:19 - 2016-12-28 10:36 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-07-28 18:19 - 2016-12-28 10:36 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-07-22 22:45 - 2016-12-28 13:29 - 000000000 ____D C:\ProgramData\AVAST Software
2020-07-22 22:42 - 2016-12-31 20:59 - 000744808 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2020-07-22 22:40 - 2019-09-11 20:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\AVAST Software
2020-07-22 22:36 - 2018-04-11 18:54 - 000000000 ____D C:\Users\Zdenda\AppData\Local\AVAST Software
2020-07-22 22:24 - 2016-03-04 22:10 - 000000000 ____D C:\Program Files\mcafee
2020-07-22 22:20 - 2019-03-19 06:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-07-22 22:16 - 2017-12-06 14:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-07-22 22:16 - 2015-10-30 08:28 - 000000000 ____D C:\Users\Default.migrated
2020-07-22 22:02 - 2019-03-19 06:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-07-22 22:02 - 2015-11-03 21:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-07-22 21:56 - 2019-09-11 19:57 - 000000000 ____D C:\Users\Zdenda
2020-07-22 21:21 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-07-22 20:47 - 2017-02-14 19:11 - 000000000 ____D C:\ProgramData\Origin
2020-07-22 20:34 - 2016-12-28 10:15 - 000000000 ___RD C:\Users\Zdenda\OneDrive
2020-07-22 20:32 - 2019-09-11 20:23 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-820366760-2656376409-1252331811-1001
2020-07-22 20:31 - 2019-09-11 19:57 - 000002371 _____ C:\Users\Zdenda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-22 20:30 - 2017-02-14 19:32 - 000000000 ____D C:\Users\Zdenda\AppData\Local\Origin
2020-07-22 19:32 - 2019-09-11 19:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
==================== Files in the root of some directories ========
2016-12-28 10:11 - 2020-07-28 19:18 - 001804764 _____ () C:\Users\Zdenda\AppData\Local\BTServer.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-07-2020
Ran by Zdenda (28-07-2020 19:59:39)
Running from C:\Users\Zdenda\Desktop
Windows 10 Home Version 1903 18362.778 (X64) (2019-09-11 18:26:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-820366760-2656376409-1252331811-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-820366760-2656376409-1252331811-503 - Limited - Disabled)
Guest (S-1-5-21-820366760-2656376409-1252331811-501 - Limited - Disabled)
halik (S-1-5-21-820366760-2656376409-1252331811-1002 - Limited - Disabled)
host (S-1-5-21-820366760-2656376409-1252331811-1004 - Limited - Enabled) => C:\Users\host
WDAGUtilityAccount (S-1-5-21-820366760-2656376409-1252331811-504 - Limited - Disabled)
zdend (S-1-5-21-820366760-2656376409-1252331811-1003 - Limited - Disabled)
Zdenda (S-1-5-21-820366760-2656376409-1252331811-1001 - Administrator - Enabled) => C:\Users\Zdenda
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
CCleaner (HKLM\...\CCleaner) (Version: 5.68 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.29.50 - Conexant)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.5521 - CyberLink Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 84.0.4147.89 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
iStripper version 1.2.190 (HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\iStripper_is1) (Version: 1.2.190 - Totem Entertainment)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lenovo App Explorer (HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\Host App Service) (Version: 0.273.3.880 - SweetLabs for Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E8266049-8C7B-4A09-9E11-8BD100E0076A}) (Version: 8.0.1.2376 - GenesysLogic)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.4706 - CyberLink Corp.)
Lenovo Photo Master (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.1.3330.01 - CyberLink Corp.)
Lenovo PowerDVD12 (HKLM-x32\...\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.) Hidden
Lenovo PowerDVD12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5709.60 - CyberLink Corp.)
Lenovo QuickOptimizer (HKLM\...\{8D2C871B-1B9F-45AC-9C43-2BB18089CDFA}) (Version: 1.0.022.00 - Lenovo)
Lenovo Solution Center (HKLM\...\{F925868A-2F2C-414B-A5A7-C613039CE9E4}) (Version: 3.1.001.00 - Lenovo)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.72 - McAfee, LLC.)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\OneDriveSetup.exe) (Version: 20.114.0607.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.59.36848 - Electronic Arts, Inc.)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.1.0.11 - Lenovo)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.868.867.071015 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.213.243 - REALTEK Semiconductor Corp.)
Roblox Player for Zdenda (HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for Zdenda (HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - Roblox Corporation)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.5.1 - Lenovo)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.7.64833 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.8 - TeamSpeak Systems GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
User Manuals (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo) Hidden
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 4.0.0.1 - Lenovo)
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.172.400.0_x86__kgqvnymyfvs32 [2020-07-22] (king.com)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-19] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2006.30.0_x64__k1h2ywk1493x8 [2020-07-22] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.7162.0_x64__8wekyb3d8bbwe [2020-07-28] (Microsoft Studios) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-20] (Microsoft Corporation) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-20] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-04-20] (Microsoft Corporation) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-04-25] (LENOVO INCORPORATED.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-22] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-26] (LENOVO -> Lenovo)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-07-22] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [SHAREit.FileContextMenuExt] -> {430BD134-576D-4E75-87CD-0F5C6221A82B} => C:\Program Files (x86)\Lenovo\SHAREit\ShellEx\ShellExt64.dll [2015-09-26] (LENOVO -> Lenovo)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2016-03-04 22:06 - 2015-09-30 10:05 - 000081920 _____ () [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2016-03-04 22:06 - 2015-09-30 10:05 - 000053248 _____ () [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_socket.pyd
2016-03-04 22:06 - 2015-09-30 10:05 - 000655360 _____ () [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ssl.pyd
2015-07-22 20:44 - 2015-07-22 20:44 - 000285184 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2016-03-04 22:06 - 2015-09-30 10:00 - 001732608 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\PyImage\ijl20.dll
2015-07-22 20:44 - 2015-07-22 20:44 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2016-03-04 22:06 - 2015-09-30 09:58 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Photo Master\MSVCR71.dll
2019-09-11 20:30 - 2019-09-11 20:30 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2016-03-04 22:06 - 2015-09-30 10:05 - 002113536 _____ (Python Software Foundation) [File not signed] C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\python25.dll
2020-07-22 19:45 - 2020-04-05 18:36 - 001343488 _____ (Robert Simpson, et al.) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\SQLite.Interop.dll
2020-07-22 19:40 - 2020-04-09 09:17 - 000944840 _____ (SQLite Development Team) [File not signed] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 09:24 - 2019-01-04 15:36 - 000000854 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zdenda\Desktop\maxresdefault.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\StartupApproved\StartupFolder: => "DesktopVideoPlayer.lnk"
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_D0ADB01AE47DC9E09D7AF5F491994EFB"
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\...\StartupApproved\Run: => "EADM"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8E952F3C-185B-428D-AADA-976C28218C69}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [{DE45ABC0-6F76-4B5B-AEFD-574480F58CB0}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> )
FirewallRules: [UDP Query User{979BEC79-E88A-41EB-8876-440610EBF9F0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{B505C91A-C36A-40F9-9EF8-5C4F4CC46CE7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9B72D60C-C557-4D24-96DC-64D152EE4DAF}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{3F8C16D8-15F2-48DB-B1EB-33A37F4B66C1}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe (LENOVO -> Lenovo)
FirewallRules: [{86B1426A-6A7A-453C-A7CD-99A1053C64E7}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{582E50C1-323E-4468-A624-78AE92C7E28C}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{3FBD7652-B71F-480B-AE60-40E89C1CD1B7}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefront.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [TCP Query User{A853E2A0-9119-4362-B073-40AB5804871D}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Block) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [UDP Query User{15106742-A716-40B6-A8B8-B59EE30ACABB}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe] => (Block) C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefront.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [TCP Query User{F7F7DC76-8ABA-49A5-AB19-3B30E699DAF1}C:\users\zdenda\appdata\local\vghd\bin\vghd.exe] => (Block) C:\users\zdenda\appdata\local\vghd\bin\vghd.exe (Totem Entertainment) [File not signed]
FirewallRules: [UDP Query User{47BDD9A2-2C82-415A-85ED-31E0449FAD0D}C:\users\zdenda\appdata\local\vghd\bin\vghd.exe] => (Block) C:\users\zdenda\appdata\local\vghd\bin\vghd.exe (Totem Entertainment) [File not signed]
FirewallRules: [TCP Query User{7C38005F-C6EB-4C70-A8F9-A7E4C218AD26}C:\users\zdenda\appdata\local\vghd\bin\vghd.exe] => (Block) C:\users\zdenda\appdata\local\vghd\bin\vghd.exe (Totem Entertainment) [File not signed]
FirewallRules: [UDP Query User{5A5E4EA9-7019-4920-BCBA-C8AB85C8A322}C:\users\zdenda\appdata\local\vghd\bin\vghd.exe] => (Block) C:\users\zdenda\appdata\local\vghd\bin\vghd.exe (Totem Entertainment) [File not signed]
FirewallRules: [{61A27DE9-8DE8-4326-AD10-7865C4A3C216}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D03E7FC7-D52F-49A9-A04C-B7B1193517A3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{5CFA03D6-A281-41F9-93B3-DB0EE2815E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Zombie 2\The Walking Zombie 2.exe () [File not signed]
FirewallRules: [{5628C235-0697-4A43-9B3F-C954F910CE1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Zombie 2\The Walking Zombie 2.exe () [File not signed]
FirewallRules: [{D8DFC977-3DC3-47FB-9274-555820D937FC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{62807FD5-493A-4B7F-ABED-99829BF32F04}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{EE102BEF-A2FA-4E00-80E4-F0B6E379AD46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{783D8F40-EDEA-4D23-ABE0-0BB30A56C6AF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0E833916-9326-40F2-B2E0-0B32931C69DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{895B2510-B9D6-46C1-A4E7-15DAA8434016}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3AEE3424-520B-4CD9-B88F-AC72E0DAE2AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
03-05-2020 17:40:41 Naplánovaný kontrolní bod
28-07-2020 19:12:10 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (07/28/2020 07:58:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6000,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (07/28/2020 07:51:38 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6304,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).
Error: (07/28/2020 07:15:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (07/28/2020 07:15:09 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (07/28/2020 07:01:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program MicrosoftEdgeCP.exe verze 11.0.18362.1 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.
ID procesu: 2020
Čas spuštění: 01d66500416b6e56
Čas ukončení: 9
Cesta k aplikaci: C:\Windows\System32\MicrosoftEdgeCP.exe
ID hlášení: 71f85ec3-747d-4cf8-9f47-1007b16d3e2d
Úplný název balíčku s chybou: Microsoft.MicrosoftEdge_44.18362.449.0_neutral__8wekyb3d8bbwe
ID aplikace relativní podle balíčku s chybou: MicrosoftEdge
Typ zablokování: Unknown
Error: (07/28/2020 06:33:01 PM) (Source: ESENT) (EventID: 490) (User: )
Description: taskhostw (6976,R,98) WebCacheLocal: Pokus o otevření souboru C:\Users\Zdenda\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat pro čtení nebo zápis selhal. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru selže a dojde k chybě -1032 (0xfffffbf8).
Error: (07/22/2020 10:35:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, identifikátor PID: 3616, identifikátor PID ProfSvc: 1696.
Error: (07/22/2020 10:35:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1552) (User: NT AUTHORITY)
Description: Uživatelský podregistr načetl jiný proces (zámek registru). Název procesu: C:\Program Files\AVAST Software\Avast\AvastSvc.exe, identifikátor PID: 3616, identifikátor PID ProfSvc: 1696.
System errors:
=============
Error: (07/28/2020 07:21:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (07/28/2020 07:21:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).
Error: (07/28/2020 07:17:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Origin Web Helper Service neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (07/28/2020 07:17:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Origin Web Helper Service bylo dosaženo časového limitu (45000 ms).
Error: (07/28/2020 07:16:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby:
Soubor nebo adresář je porušen a není čitelný.
Error: (07/28/2020 07:15:08 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Windows Update se po přijetí pokynu pro vypnutí neukončila správně.
Error: (07/28/2020 06:56:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.
Error: (07/28/2020 06:56:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Windows Presentation Foundation Font Cache 3.0.0.0 bylo dosaženo časového limitu (45000 ms).
Windows Defender:
===================================
Date: 2019-12-21 20:47:31.647
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {27070DD6-4161-46D6-922C-5A6C007B7105}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-12-14 08:56:17.068
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B8D3032D-8687-466C-8818-4F5ABE55AB55}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-09-14 10:21:01.352
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {FAFCAC2C-EFBC-4802-81D0-FA033A764791}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-09-14 08:57:38.978
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {19D5CFE9-6E8B-4F55-983F-980961D941FF}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2019-09-12 15:21:30.658
Description:
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:JS/CoinHive.A
ID: 2147729066
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\ProgramData\AVAST Software\Avast\report\WebShield.txt
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Systém
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.301.1049.0, AS: 1.301.1049.0, NIS: 1.301.1049.0
Verze modulu: AM: 1.1.16300.1, NIS: 1.1.16300.1
Date: 2020-07-28 18:18:07.469
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.319.2068.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17200.2
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.
Date: 2020-07-28 18:18:07.468
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.319.2068.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17200.2
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.
Date: 2020-07-28 18:18:07.467
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.319.2068.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.17200.2
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.
Date: 2020-03-11 20:10:42.649
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.307.1866.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16600.7
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
Date: 2020-03-11 20:10:42.648
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.307.1866.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16600.7
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.
CodeIntegrity:
===================================
Date: 2020-07-22 22:32:01.309
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-07-22 22:32:00.730
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-07-22 22:32:00.171
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-07-22 22:32:00.171
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\x86\aswhook.dll that did not meet the Microsoft signing level requirements.
Date: 2020-07-22 22:28:54.409
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2020-07-22 22:28:54.344
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2020-07-22 22:28:54.280
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2020-07-22 22:28:41.949
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO 0QCN25WW 01/13/2016
Motherboard: LENOVO Nano BDW
Processor: Intel(R) Core(TM) i3-5005U CPU @ 2.00GHz
Percentage of memory in use: 89%
Total physical RAM: 4011.01 MB
Available physical RAM: 406.09 MB
Total Virtual: 6955.01 MB
Available Virtual: 2658.55 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:887.08 GB) (Free:744.87 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.16 GB) NTFS
Drive f: (FAT_596c) (Removable) (Total:14.88 GB) (Free:14.85 GB) FAT32
\\?\Volume{06a4fa8e-5daa-483c-ac52-8f69fb577962}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.45 GB) NTFS
\\?\Volume{771ba8e9-9491-4790-b889-648c44b4e7d3}\ (LENOVO_PART) (Fixed) (Total:17.21 GB) (Free:4.82 GB) NTFS
\\?\Volume{d09647c1-3d1a-4409-9a45-13f91af949ae}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 11F2B733)
Partition: GPT.
==========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: D2E4D2E4)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0B)
==================== End of Addition.txt =======================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zpomalený počítač - prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalený počítač - prosím o kontrolu
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalený počítač - prosím o kontrolu
# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-29-2020
# Duration: 00:00:07
# OS: Windows 10 Home
# Cleaned: 17
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Host App Service
Deleted C:\Users\Default\AppData\Local\Host App Service
Deleted C:\Users\Zdenda\AppData\Local\Host App Service
Deleted C:\Users\host\AppData\Local\Host App Service
***** [ Files ] *****
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted C:\Windows\System32\Tasks\APP EXPLORER
***** [ Registry ] *****
Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D48B06E-2AE8-44DE-9012-2FAC7DC14CC1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Deleted HKU\S-1-5-21-820366760-2656376409-1252331811-1004\Software\App Host Service
Deleted HKU\S-1-5-21-820366760-2656376409-1252331811-1004\Software\Host App Service
Deleted HKU\S-1-5-21-820366760-2656376409-1252331811-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted MySearch
Deleted MySearch
Deleted MySearch
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [7373 octets] - [29/07/2020 18:40:03]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build: 07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 07-29-2020
# Duration: 00:00:07
# OS: Windows 10 Home
# Cleaned: 17
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Host App Service
Deleted C:\Users\Default\AppData\Local\Host App Service
Deleted C:\Users\Zdenda\AppData\Local\Host App Service
Deleted C:\Users\host\AppData\Local\Host App Service
***** [ Files ] *****
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted C:\Windows\System32\Tasks\APP EXPLORER
***** [ Registry ] *****
Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D48B06E-2AE8-44DE-9012-2FAC7DC14CC1}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Deleted HKU\S-1-5-21-820366760-2656376409-1252331811-1004\Software\App Host Service
Deleted HKU\S-1-5-21-820366760-2656376409-1252331811-1004\Software\Host App Service
Deleted HKU\S-1-5-21-820366760-2656376409-1252331811-1004\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted MySearch
Deleted MySearch
Deleted MySearch
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [7373 octets] - [29/07/2020 18:40:03]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalený počítač - prosím o kontrolu
OK. Dejte nové logy FRST+Addition.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalený počítač - prosím o kontrolu
Zdravím,
soubory jsou v přílohách.
soubory jsou v přílohách.
- Přílohy
-
- Addition.rar
- (9.45 KiB) Staženo 49 x
Re: Zpomalený počítač - prosím o kontrolu
Tak ještě FRST.rar
- Přílohy
-
- FRST.rar
- (20.25 KiB) Staženo 78 x
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalený počítač - prosím o kontrolu
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {C55B44F7-0084-47DA-AFEA-C7EDD662CC03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.)
Task: {FDDE519F-E890-45A7-8162-6E5609755AF5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9BCA3827-E1D3-41DE-A559-B60F4F856A99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.)
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-820366760-2656376409-1252331811-1001 -> DefaultScope {59E8965C-0205-4521-948F-FD744D6AC887} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
S1 frmaltmf; \??\C:\WINDOWS\system32\drivers\frmaltmf.sys [X]
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalený počítač - prosím o kontrolu
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-07-2020
Ran by Zdenda (29-07-2020 22:11:51) Run:1
Running from C:\Users\Zdenda\Desktop
Loaded Profiles: Zdenda
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {C55B44F7-0084-47DA-AFEA-C7EDD662CC03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.)
Task: {FDDE519F-E890-45A7-8162-6E5609755AF5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9BCA3827-E1D3-41DE-A559-B60F4F856A99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.)
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-820366760-2656376409-1252331811-1001 -> DefaultScope {59E8965C-0205-4521-948F-FD744D6AC887} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
S1 frmaltmf; \??\C:\WINDOWS\system32\drivers\frmaltmf.sys [X]
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C55B44F7-0084-47DA-AFEA-C7EDD662CC03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C55B44F7-0084-47DA-AFEA-C7EDD662CC03}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDDE519F-E890-45A7-8162-6E5609755AF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDDE519F-E890-45A7-8162-6E5609755AF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BCA3827-E1D3-41DE-A559-B60F4F856A99}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BCA3827-E1D3-41DE-A559-B60F4F856A99}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-820366760-2656376409-1252331811-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\System\CurrentControlSet\Services\frmaltmf => removed successfully
frmaltmf => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14822878 B
Java, Flash, Steam htmlcache => 90184103 B
Windows/system/drivers => 21980444 B
Edge => 96577213 B
Chrome => 15946580 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 199144 B
systemprofile32 => 199144 B
LocalService => 1292776 B
NetworkService => 1301054 B
Zdenda => 12630239 B
host => 130855304 B
RecycleBin => 0 B
EmptyTemp: => 378.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:13:03 ====
Ran by Zdenda (29-07-2020 22:11:51) Run:1
Running from C:\Users\Zdenda\Desktop
Loaded Profiles: Zdenda
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {C55B44F7-0084-47DA-AFEA-C7EDD662CC03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.)
Task: {FDDE519F-E890-45A7-8162-6E5609755AF5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {9BCA3827-E1D3-41DE-A559-B60F4F856A99} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-12-28] (Google Inc -> Google Inc.)
HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-820366760-2656376409-1252331811-1001 -> DefaultScope {59E8965C-0205-4521-948F-FD744D6AC887} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
S1 frmaltmf; \??\C:\WINDOWS\system32\drivers\frmaltmf.sys [X]
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C55B44F7-0084-47DA-AFEA-C7EDD662CC03}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C55B44F7-0084-47DA-AFEA-C7EDD662CC03}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDDE519F-E890-45A7-8162-6E5609755AF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDDE519F-E890-45A7-8162-6E5609755AF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BCA3827-E1D3-41DE-A559-B60F4F856A99}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BCA3827-E1D3-41DE-A559-B60F4F856A99}" => removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"HKU\S-1-5-21-820366760-2656376409-1252331811-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-820366760-2656376409-1252331811-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => removed successfully
HKLM\System\CurrentControlSet\Services\frmaltmf => removed successfully
frmaltmf => service removed successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14822878 B
Java, Flash, Steam htmlcache => 90184103 B
Windows/system/drivers => 21980444 B
Edge => 96577213 B
Chrome => 15946580 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 199144 B
systemprofile32 => 199144 B
LocalService => 1292776 B
NetworkService => 1301054 B
Zdenda => 12630239 B
host => 130855304 B
RecycleBin => 0 B
EmptyTemp: => 378.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 22:13:03 ====
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalený počítač - prosím o kontrolu
Smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Zpomalený počítač - prosím o kontrolu
Zdravím,
změna k lepšímu určitě nastala, počítač je rychlejší, ale pořád se mi nedaří zbavit se toho, že jakýkoliv program, stahovaný z internetu, například včetně FRST64.exe je okamžitě po stažení označen jako obsahující vir a zablokován.
změna k lepšímu určitě nastala, počítač je rychlejší, ale pořád se mi nedaří zbavit se toho, že jakýkoliv program, stahovaný z internetu, například včetně FRST64.exe je okamžitě po stažení označen jako obsahující vir a zablokován.
-
Rudy
- Site Admin
- Příspěvky: 118275
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Zpomalený počítač - prosím o kontrolu
To je problém antiviru, případně prohlížeče. Jaký AV provozujete?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?