Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Změna příhlášení do Windows

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
dreyfus
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 22 kvě 2017 06:49

Změna příhlášení do Windows

#1 Příspěvek od dreyfus »

Dobrý den

Včera v noci při přihlášení do Windows neplatil můj starý PIN a musel jsem zadat kód z SMSky. Při následné kontrole RougueKillerem jsem našel 4 závadné položky všechny "svchost.exe". Nyní už mám PC čisté. Přesto pro jistotu prosím o kontrolu logů z FRST64.

FRST.txt

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-07-2021
Ran by zdenk (administrator) on DESKTOP-GOCDA6S (Hewlett-Packard HP Pro 3500 Series) (05-07-2021 08:46:16)
Running from C:\Music\Frst
Loaded Profiles: zdenk
Platform: Windows 10 Pro Version 20H2 19042.1052 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ABBYY SOLUTIONS LIMITED -> ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe <8>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\AvastBrowserCrashHandler64.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe <3>
(Avast Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Check Point Software Technologies Ltd. -> ) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\zdenk\AppData\Local\Microsoft\OneDrive\21.119.0613.0001\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\zdenk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [123672 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [325856 2020-01-23] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [ZaAntiRansomware] => C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe [4231392 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-833874239-3134217361-4166518074-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [232448 2010-12-07] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-833874239-3134217361-4166518074-1001\...\Run: [EPSON SX130 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE [232448 2010-12-07] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\EPSON SX130 Series 64MonitorBE: C:\WINDOWS\system32\E_ILMHJE.DLL [118784 2008-11-12] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-28] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\91.0.10364.115\Installer\chrmstp.exe [2021-06-21] (Avast Software s.r.o. -> AVAST Software)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> "C:\Program Files (x86)\AVAST Software\Browser\Application\86.1.6937.199\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14DA46A9-4EE8-4DA5-A18E-BE093563896D} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2277640 2021-06-18] (Avast Software s.r.o. -> AVAST Software)
Task: {42A94C21-7B86-42D0-8D43-7ED6C7F4C664} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {5AAE7FA8-B6B2-4C22-9250-22D01D1EAF02} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {73F6D953-B11F-4718-A38D-4477858CC354} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {8C1F6413-6CCB-464F-924A-8153C81978BE} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-27] (Avast Software s.r.o. -> AVAST Software)
Task: {91322C2E-A21A-432D-81F9-46D2A7BC8C17} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [637368 2021-06-24] (Mozilla Corporation -> Mozilla Foundation)
Task: {AB29A428-99B9-4FA2-9FD0-8E0D19A179D4} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {B069B2BB-CBF1-4454-90E2-35D48638818F} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {D2DB7941-AAC4-4CA4-8EC5-130967684098} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [4903192 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
Task: {D928ABA3-1921-4C82-847F-FCED3A9AE254} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-27] (Avast Software s.r.o. -> AVAST Software)
Task: {F9650EBE-3754-4010-9FB0-82C94AE52F72} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [2277640 2021-06-18] (Avast Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{c87c97ca-3367-4e14-abd7-d037cc44a5ca}: [DhcpNameServer] 192.168.10.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\zdenk\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-04]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 9myba43u.default
FF ProfilePath: C:\Users\zdenk\AppData\Roaming\Mozilla\Firefox\Profiles\9myba43u.default [2021-07-05]
FF Homepage: Mozilla\Firefox\Profiles\9myba43u.default -> about:blank
FF Extension: (Avast Online Security) - C:\Users\zdenk\AppData\Roaming\Mozilla\Firefox\Profiles\9myba43u.default\Extensions\wrc@avast.com.xpi [2021-02-18]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=3 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-27] (Avast Software s.r.o. -> AVAST Software)
FF Plugin-x32: @update.avastbrowser.com/Avast Browser;version=9 -> C:\Program Files (x86)\AVAST Software\Browser\Update\1.8.1065.0\npAvastBrowserUpdate3.dll [2020-10-27] (Avast Software s.r.o. -> AVAST Software)

Chrome: 
=======
CHR Profile: C:\Users\zdenk\AppData\Local\Google\Chrome\User Data\Default [2021-06-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\zdenk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-06-02]
CHR Extension: (Chrome Media Router) - C:\Users\zdenk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-01-02]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY SOLUTIONS LIMITED -> ABBYY)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [8249936 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-27] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [625432 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\AVAST Software\Avast\aswToolsSvc.exe [373528 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [194200 2020-10-27] (Avast Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\91.0.10364.115\elevation_service.exe [1421288 2021-06-18] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [56912 2021-06-02] (Avast Software s.r.o. -> AVAST Software)
R2 CPEFR; C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe [3274432 2021-04-10] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 CpSbaCipolla; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-04-19] (Check Point Software Technologies Ltd. -> )
R2 CpSbaUpdater; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe [33984 2021-04-19] (Check Point Software Technologies Ltd. -> )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7462200 2021-07-03] (Malwarebytes Inc -> Malwarebytes)
R2 RemediationService; C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe [18624 2021-03-29] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13688656 2021-03-24] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TESvc; C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe [137920 2021-04-09] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4528344 2020-01-21] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-24] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ZAARUpdateService; C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe [51936 2021-04-19] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2020-01-21] (Check Point Software Technologies Ltd. -> Check Point Software Technologies, Ltd.)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aksfridge; C:\WINDOWS\System32\drivers\aksfridge.sys [131072 2010-09-27] (Microsoft Windows Hardware Compatibility Publisher -> SafeNet Inc.)
S3 akshasp; C:\WINDOWS\System32\drivers\akshasp.sys [53760 2009-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\WINDOWS\System32\drivers\akshhl.sys [56960 2007-07-23] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 akspccard; C:\WINDOWS\System32\drivers\akspccard.sys [20736 2007-08-20] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\drivers\aksusb.sys [25344 2009-03-13] (Microsoft Windows Hardware Compatibility Publisher -> Aladdin Knowledge Systems Ltd.)
R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35720 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216928 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [366616 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250392 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99352 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-05-28] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41352 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [182600 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [524400 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107848 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82912 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851192 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471920 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [327536 2021-06-28] (Avast Software s.r.o. -> AVAST Software)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 cpbak; C:\WINDOWS\System32\DRIVERS\cpbak.sys [83248 2020-09-03] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 CPEPMon; C:\WINDOWS\System32\DRIVERS\CPEPMon.sys [153040 2021-04-06] (Microsoft Windows Hardware Compatibility Publisher -> Check Point Software Technologies)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-09-08] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-09-08] (Disc Soft Ltd -> Disc Soft Ltd)
R1 epnetflt; C:\WINDOWS\system32\drivers\epnetflt.sys [135984 2020-12-06] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
R1 epregflt; C:\WINDOWS\system32\drivers\epregflt.sys [133416 2020-12-02] (Check Point Software Technologies Ltd. -> Check Point Software Technologies)
S3 ghsdiag; C:\WINDOWS\System32\drivers\ghsdiag.sys [129304 2011-08-15] (ZTE CORPORATION  -> ZTE Incorporated)
S3 ghsnmea; C:\WINDOWS\System32\drivers\ghsnmea.sys [129304 2011-08-15] (ZTE CORPORATION  -> ZTE Incorporated)
R2 ISWKL; C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\ISWKL.sys [56184 2021-01-28] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-07-05] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-25] (Malwarebytes Inc -> Malwarebytes)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-07-05] (Adlice -> )
R1 Vsdatant; C:\WINDOWS\system32\DRIVERS\vsdatant.sys [461240 2018-05-15] (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2019-12-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2019-12-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-24] (Microsoft Windows -> Microsoft Corporation)
S3 zgdcat; C:\WINDOWS\System32\drivers\zgdcat.sys [130200 2011-12-12] (ZTE CORPORATION  -> ZTE Incorporated)
S3 zgdcdiag; C:\WINDOWS\System32\drivers\zgdcdiag.sys [130200 2011-12-12] (ZTE CORPORATION  -> ZTE Incorporated)
S3 zghsat; C:\WINDOWS\System32\drivers\zghsat.sys [129432 2011-08-15] (ZTE CORPORATION  -> ZTE Incorporated)
S3 zghsdiag; C:\WINDOWS\System32\drivers\zghsdiag.sys [129432 2011-08-15] (ZTE CORPORATION  -> ZTE Incorporated)
S3 zghsdiagmdm; C:\WINDOWS\System32\drivers\zghsdiagmdm.sys [129432 2011-08-15] (ZTE CORPORATION  -> ZTE Incorporated)
S3 zghsnmea; C:\WINDOWS\System32\drivers\zghsnmea.sys [129432 2011-08-15] (ZTE CORPORATION  -> ZTE Incorporated)
S3 zghsvousb; C:\WINDOWS\System32\drivers\zghsvousb.sys [129432 2011-08-15] (ZTE CORPORATION  -> ZTE Incorporated)
S3 ZTEMSD0292; C:\WINDOWS\System32\Drivers\ZTEMSD0292.sys [26648 2011-09-02] (ZTE CORPORATION  -> ZTE Corporation)
S3 ZTEusbdvbh; C:\WINDOWS\System32\drivers\ZTEusbdvbh.sys [123136 2011-12-09] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbgps; C:\WINDOWS\System32\drivers\ZTEusbgps.sys [123136 2011-12-09] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbMB; C:\WINDOWS\System32\drivers\ZTEusbnmeaext2.sys [123136 2011-12-09] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbnmea; C:\WINDOWS\System32\drivers\ZTEusbnmea.sys [123136 2011-12-09] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbnmeaext; C:\WINDOWS\System32\drivers\ZTEusbnmeaext.sys [123136 2011-12-09] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbser6k; C:\WINDOWS\System32\drivers\ZTEusbser6k.sys [107520 2011-12-09] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
S3 ZTEusbvoice; C:\WINDOWS\System32\drivers\ZTEusbvoice.sys [123136 2011-12-09] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated)
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-05 00:16 - 2021-07-05 00:16 - 000038032 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2021-07-05 00:00 - 2021-07-05 00:00 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-07-04 22:41 - 2021-07-04 22:54 - 000000000 ____D C:\Users\defaultuser100000
2021-06-28 14:54 - 2021-06-28 14:53 - 000339736 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-06-28 14:54 - 2021-06-28 14:53 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-06-25 12:27 - 2021-06-25 12:27 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-25 07:54 - 2021-06-25 07:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-24 23:03 - 2021-06-28 14:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-06-13 08:28 - 2021-06-13 08:28 - 000000476 _____ C:\WINDOWS\system32\.tmp
2021-06-13 00:56 - 2021-06-13 00:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-13 00:56 - 2021-06-13 00:56 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-13 00:56 - 2021-06-13 00:56 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-13 00:56 - 2021-06-13 00:56 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-13 00:56 - 2021-06-13 00:56 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-13 00:56 - 2021-06-13 00:56 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-13 00:55 - 2021-06-13 00:55 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-13 00:55 - 2021-06-13 00:55 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-13 00:54 - 2021-06-13 00:54 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-13 00:54 - 2021-06-13 00:54 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-13 00:53 - 2021-06-13 00:53 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-13 00:53 - 2021-06-13 00:53 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-13 00:52 - 2021-06-13 00:52 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-13 00:52 - 2021-06-13 00:52 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-13 00:52 - 2021-06-13 00:52 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-13 00:51 - 2021-06-13 00:51 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-13 00:51 - 2021-06-13 00:51 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-13 00:50 - 2021-06-13 00:50 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-13 00:36 - 2021-06-13 00:41 - 091918514 _____ C:\Users\zdenk\Downloads\prsatka.mp4
2021-06-09 00:00 - 2021-06-09 00:00 - 000014352 _____ C:\Users\zdenk\Downloads\MY FAFORITE SYSTEMS.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-07-05 08:48 - 2019-03-19 08:35 - 000000000 ____D C:\FRST
2021-07-05 08:44 - 2020-09-28 01:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-07-05 08:44 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-05 08:19 - 2020-09-28 01:52 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-07-05 08:17 - 2018-10-18 13:39 - 000000000 ___RD C:\Users\zdenk\OneDrive
2021-07-05 00:21 - 2018-10-18 17:08 - 000000000 ____D C:\Users\zdenk\AppData\LocalLow\Mozilla
2021-07-05 00:01 - 2018-10-18 17:01 - 000000000 ____D C:\ProgramData\AVAST Software
2021-07-04 23:59 - 2020-09-28 01:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-07-04 23:59 - 2020-09-28 01:12 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-04 23:58 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-07-04 22:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-07-03 23:19 - 2020-06-05 09:06 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-03 23:19 - 2020-06-05 09:06 - 000002276 _____ C:\ProgramData\Plocha\Microsoft Edge.lnk
2021-07-03 23:19 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-03 12:33 - 2021-03-14 13:27 - 000002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-07-03 12:33 - 2021-03-14 13:27 - 000002023 _____ C:\ProgramData\Plocha\Malwarebytes.lnk
2021-07-02 23:41 - 2020-09-28 01:52 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-833874239-3134217361-4166518074-1001
2021-07-02 23:41 - 2020-09-28 01:20 - 000002379 _____ C:\Users\zdenk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-01 23:08 - 2020-09-28 01:52 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-01 23:08 - 2020-09-28 01:52 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-28 14:54 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-28 14:53 - 2020-10-27 09:55 - 000182600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-06-28 14:53 - 2020-04-07 07:44 - 000524400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-06-28 14:53 - 2019-01-19 08:40 - 000250392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-06-28 14:53 - 2019-01-19 08:40 - 000099352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-06-28 14:53 - 2018-10-18 17:03 - 000471920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-06-28 14:53 - 2018-10-18 17:03 - 000327536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-06-28 14:53 - 2018-10-18 17:03 - 000107848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-06-28 14:53 - 2018-10-18 17:03 - 000082912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-06-28 14:53 - 2018-10-18 17:03 - 000041352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-06-28 14:52 - 2019-01-19 08:45 - 000366616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-06-28 14:52 - 2019-01-19 08:40 - 000035720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArDisk.sys
2021-06-28 14:52 - 2018-10-18 17:03 - 000851192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-06-28 14:52 - 2018-10-18 17:03 - 000216928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-06-28 14:45 - 2018-10-18 17:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-28 14:32 - 2018-10-20 14:36 - 000000000 ____D C:\Users\zdenk\AppData\Local\CrashDumps
2021-06-25 07:54 - 2018-10-18 17:08 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-25 00:39 - 2018-10-18 17:21 - 000000000 ____D C:\Users\zdenk\AppData\Roaming\vlc
2021-06-24 07:29 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2021-06-22 12:11 - 2020-09-28 01:31 - 001693140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-22 12:11 - 2019-12-07 16:43 - 000716770 _____ C:\WINDOWS\system32\perfh005.dat
2021-06-22 12:11 - 2019-12-07 16:43 - 000144948 _____ C:\WINDOWS\system32\perfc005.dat
2021-06-22 12:11 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-21 23:20 - 2019-02-08 16:03 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2021-06-21 23:20 - 2019-02-08 16:03 - 000002465 _____ C:\ProgramData\Plocha\Avast Secure Browser.lnk
2021-06-18 07:30 - 2020-09-24 11:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-06-17 12:17 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-16 08:11 - 2020-09-28 01:20 - 000000000 ____D C:\Users\zdenk
2021-06-13 11:54 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-13 08:41 - 2020-09-28 01:12 - 000438936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-13 08:37 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-13 08:36 - 2019-12-07 16:47 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-13 08:36 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-13 08:36 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-13 08:36 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-12 12:04 - 2020-09-15 00:44 - 000000000 ___HD C:\$WinREAgent
2021-06-12 12:04 - 2018-10-18 14:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-12 11:59 - 2018-10-18 14:35 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2019-08-13 12:47 - 2019-08-20 17:26 - 000000163 _____ () C:\Users\zdenk\AppData\Roaming\PLGComp.ini

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
Addition.txt

Kód: Vybrat vše

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2021
Ran by zdenk (05-07-2021 08:55:15)
Running from C:\Music\Frst
Windows 10 Pro Version 20H2 19042.1052 (X64) (2020-09-27 23:54:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-833874239-3134217361-4166518074-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-833874239-3134217361-4166518074-503 - Limited - Disabled)
Guest (S-1-5-21-833874239-3134217361-4166518074-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-833874239-3134217361-4166518074-504 - Limited - Disabled)
zdenk (S-1-5-21-833874239-3134217361-4166518074-1001 - Administrator - Enabled) => C:\Users\zdenk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {217C3BCF-3FBD-7C30-A427-2D11E16F3BEB}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {8D637332-9C08-995E-98D7-8237936B0E9F}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {3EB84D8C-4821-F4B8-2DD8-2831FAA29B21}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.01.513.58212 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
Ashampoo Burning Studio 6 FREE v.6.84 (HKLM-x32\...\{91B33C97-3ED1-03EA-A67B-244AA4D7B559}_is1) (Version: 6.8.4 - Ashampoo GmbH & Co. KG)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 21.5.2470 - Avast Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 91.0.10364.115 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Heroes of Might and Magic (DOSBox 0.74 emulace) (HKLM-x32\...\Heroes of Might and Magic (DOSBox 0.74 emulace)) (Version:  - )
Check Point SBA (HKLM\...\{405209A1-63AA-4AB5-A6A9-4F088BA951A3}) (Version: 86.6.8560 - Check Point Software Technologies Ltd.) Hidden
LibreOffice 6.1.4.2 (HKLM\...\{080C0C39-B1B5-48BB-85AB-4F9A8768CD10}) (Version: 6.1.4.2 - The Document Foundation)
Malwarebytes version 4.4.2.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.2.123 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.64 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-833874239-3134217361-4166518074-1001\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 89.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 89.0.2 (x86 cs)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
RogueKiller version 14.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.6.0 - Adlice Software)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
Uživatelská příručka EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
ZoneAlarm Anti-Ransomware (HKLM-x32\...\{0B8C3231-9818-4CB9-8213-4AB839836791}) (Version: 1.004.7033 - Check Point Software) Hidden
ZoneAlarm Firewall (HKLM-x32\...\{2F77A309-CAB9-4C8A-8ED0-8C8DA3FF0744}) (Version: 15.8.038.18284 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.8.038.18284 - Check Point)
ZoneAlarm Security (HKLM-x32\...\{DA17D180-7193-4070-B085-9827DB80C2F8}) (Version: 15.8.038.18284 - Check Point Software Technologies Ltd.) Hidden

Packages:
=========
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2050.2.0_x86__kgqvnymyfvs32 [2021-06-29] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.196.600.0_x86__kgqvnymyfvs32 [2021-06-25] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.1108.0_x64__rz1tebttyb220 [2021-05-29] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-21] (Microsoft Studios) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-28] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2021-06-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-03-14] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=13472&utm_medium=desktop&x-pos=Metro

==================== Loaded Modules (Whitelisted) =============

2019-02-21 22:00 - 2019-02-21 22:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2008-04-11 11:54 - 2008-04-11 11:54 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\MSVCR71.dll
2020-01-20 22:16 - 2020-01-20 22:16 - 000986112 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\CheckPoint\ZoneAlarm\dbghelp.dll
2021-04-19 15:12 - 2021-04-19 15:12 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\x86\SQLite.Interop.dll
2021-03-29 13:26 - 2021-03-29 13:26 - 001156608 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\SQLite\SQLite.Interop.dll
2005-01-13 10:47 - 2005-01-13 10:47 - 000049152 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ESPSUTL.dll
2010-03-25 17:57 - 2010-03-25 17:57 - 000055296 _____ (SEIKO EPSON CORP.) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScnMgr10.dll
2018-10-20 14:38 - 2009-08-24 10:10 - 000430592 _____ (SEIKO EPSON CORPORATION / CyCom Technology Corp.) [File not signed] C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
2010-03-25 12:02 - 2010-03-25 12:02 - 000103936 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll
2010-06-23 14:40 - 2010-06-23 14:40 - 000136704 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Program Files (x86)\Epson Software\Event Manager\ScanEngine30.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.) [File not signed]
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.) [File not signed]

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-10-18 13:45 - 2018-10-18 13:41 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-833874239-3134217361-4166518074-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\zdenk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\25 beautiful beach wallpapers hd - mixhd wallpapers.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7232F25D-5CAE-44E7-BEAD-E38E86BC6754}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{4164DC48-E0D9-4C2D-AF49-106697602455}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{9EFBE43A-2536-4486-B40D-138556363B44}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{B6FE54DA-6C05-4099-A563-D5D68BA4D501}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies Ltd. -> Check Point Software Technologies Ltd.)
FirewallRules: [{B3698D9B-99B0-4DFF-82CF-5021A6ADEE48}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4ED8BD26-D8BE-4838-AFAF-570AAB88C6A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{3FBEB97F-5A9B-4D68-B880-A503A2045770}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{E1C6FF37-6FFF-4F2C-9698-A01BD1C1BA80}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
FirewallRules: [{6D20082D-22D1-47AA-90CF-9E5D6817563E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{094AD54E-B39A-48ED-9FBB-0483CFDEA2CB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1764BC80-A2EA-4C46-95A0-8D6A71BEE147}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DDEC21B1-AEF9-48B6-A0C9-FFD7C68BA0FC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A48AD4F0-7F01-4CE7-AD92-6AA5AD8CE8AE}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{33D77FE2-7E4F-477D-A64C-ED540D37AB0E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

23-06-2021 00:26:56 Naplánovaný kontrolní bod
02-07-2021 07:38:39 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (07/05/2021 12:04:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TESvc.exe, verze: 8.60.6.8515, časové razítko: 0x607025b1
Název chybujícího modulu: clr.dll, verze: 4.8.4360.0, časové razítko: 0x606e7038
Kód výjimky: 0xc0000409
Posun chyby: 0x0060cd78
ID chybujícího procesu: 0x2b48
Čas spuštění chybující aplikace: 0x01d771209055a3c4
Cesta k chybující aplikaci: C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
Cesta k chybujícímu modulu: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
ID zprávy: 6660962d-36c6-4cd2-a0a7-6d0051a6fe82
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (07/05/2021 12:02:33 AM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Službě Centrum zabezpečení Windows se nepodařilo načíst instance objektu FirewallProduct z úložiště dat.

Error: (07/04/2021 11:10:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program SystemSettings.exe verze 10.0.19041.1023 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: d7c

Čas spuštění: 01d77118a74fe34a

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

ID hlášení: ec5c8023-3dca-453a-872a-81830ff5bf5d

Úplný název balíčku s chybou: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy

ID aplikace relativní podle balíčku s chybou: microsoft.windows.immersivecontrolpanel

Typ zablokování: Cross-thread

Error: (07/04/2021 10:54:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnUserService, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1023, časové razítko: 0x7977b9de
Kód výjimky: 0xc000000d
Posun chyby: 0x0000000000112174
ID chybujícího procesu: 0x23b4
Čas spuštění chybující aplikace: 0x01d7711508c3a6e7
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 046e3413-dda3-44d3-9648-ebe979df8121
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (07/04/2021 10:53:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnUserService, verze: 10.0.19041.546, časové razítko: 0x058e175a
Název chybujícího modulu: ntdll.dll, verze: 10.0.19041.1023, časové razítko: 0x7977b9de
Kód výjimky: 0xc000000d
Posun chyby: 0x0000000000112174
ID chybujícího procesu: 0x23b4
Čas spuštění chybující aplikace: 0x01d7711508c3a6e7
Cesta k chybující aplikaci: C:\WINDOWS\system32\svchost.exe
Cesta k chybujícímu modulu: C:\WINDOWS\SYSTEM32\ntdll.dll
ID zprávy: 1fbe31b0-3bc2-4fe4-8218-dc20968db361
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (07/04/2021 10:15:36 AM) (Source: ESENT) (EventID: 902) (User: )
Description: svchost (8452,D,14) Unistore: Databázový stroj zaznamenal několik vláken, která nepovoleně používají stejné relace databáze k provedení databázových operací.

	SessionId: 0x000001E22EB51840

	Kontext relace: 0x0000000000000000

	ThreadId kontextu relace: 0x0000000000000000

	Aktuální ThreadId: 0x000000000000159C

	Trasování relace:

Error: (07/04/2021 10:15:36 AM) (Source: ESENT) (EventID: 902) (User: )
Description: svchost (8452,D,72) Unistore: Databázový stroj zaznamenal několik vláken, která nepovoleně používají stejné relace databáze k provedení databázových operací.

	SessionId: 0x000001E22EB51840

	Kontext relace: 0x0000000000000000

	ThreadId kontextu relace: 0x0000000000000000

	Aktuální ThreadId: 0x000000000000159C

	Trasování relace:

Error: (07/04/2021 10:15:36 AM) (Source: ESENT) (EventID: 902) (User: )
Description: svchost (8452,D,38) Unistore: Databázový stroj zaznamenal několik vláken, která nepovoleně používají stejné relace databáze k provedení databázových operací.

	SessionId: 0x000001E22EB51840

	Kontext relace: 0x0000000000000000

	ThreadId kontextu relace: 0x0000000000000000

	Aktuální ThreadId: 0x000000000000159C

	Trasování relace:


System errors:
=============
Error: (07/05/2021 12:05:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Check Point SandBlast Agent Threat Emulation byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 500 milisekund: Restartovat službu.

Error: (07/05/2021 12:03:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Check Point Sandblast Agent Cipolla neuspěla při spuštění v důsledku následující chyby: 
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (07/05/2021 12:03:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Check Point Sandblast Agent Cipolla bylo dosaženo časového limitu (30000 ms).

Error: (07/04/2021 11:59:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba aksfridge neuspěla při spuštění v důsledku následující chyby: 
Načtení tohoto ovladače je blokováno.

Error: (07/04/2021 11:57:26 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba TrueVector Internet Monitor se po přijetí pokynu pro vypnutí neukončila správně.

Error: (07/04/2021 11:57:09 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba Avast Antivirus se po přijetí pokynu pro vypnutí neukončila správně.

Error: (07/04/2021 06:10:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/04/2021 10:15:23 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GOCDA6S)
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.


CodeIntegrity:
===============
Date: 2021-07-05 08:49:39
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-07-05 08:20:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\setup\uat_3164.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-07-05 08:20:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2021-07-05 08:20:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Windows signing level requirements.

Date: 2021-07-05 08:15:59
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\Endpoint Security\EFR\CP_AmsiProvider64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

BIOS: AMI 7.06 06/07/2012
Motherboard: Foxconn 2ABF
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 74%
Total physical RAM: 3982.02 MB
Available physical RAM: 1014.61 MB
Total Virtual: 6414.02 MB
Available Virtual: 2511.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:449.19 GB) (Free:324.96 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.38 GB) (Free:16.3 GB) NTFS

\\?\Volume{bc66f483-0000-0000-0000-100000000000}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{bc66f483-0000-0000-0000-606a74000000}\ (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: BC66F483)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=27)

==================== End of Addition.txt =======================

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Změna příhlášení do Windows

#2 Příspěvek od Rudy »

Zdravím!
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {42A94C21-7B86-42D0-8D43-7ED6C7F4C664} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {5AAE7FA8-B6B2-4C22-9250-22D01D1EAF02} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {73F6D953-B11F-4718-A38D-4477858CC354} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {AB29A428-99B9-4FA2-9FD0-8E0D19A179D4} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U3 iswSvc; no ImagePath

EmptyTemp:
End
Uložte do C:\Music\Frst jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

dreyfus
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 22 kvě 2017 06:49

Re: Změna příhlášení do Windows

#3 Příspěvek od dreyfus »

Udělal jsem, jak jste napsal. Zde je výsledek:

Fixlog.txt

Kód: Vybrat vše

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-07-2021
Ran by zdenk (05-07-2021 12:23:01) Run:16
Running from C:\Music\Frst
Loaded Profiles: zdenk
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
Task: {42A94C21-7B86-42D0-8D43-7ED6C7F4C664} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {5AAE7FA8-B6B2-4C22-9250-22D01D1EAF02} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {73F6D953-B11F-4718-A38D-4477858CC354} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {AB29A428-99B9-4FA2-9FD0-8E0D19A179D4} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
U3 iswSvc; no ImagePath

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Edge => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{42A94C21-7B86-42D0-8D43-7ED6C7F4C664}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42A94C21-7B86-42D0-8D43-7ED6C7F4C664}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5AAE7FA8-B6B2-4C22-9250-22D01D1EAF02}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AAE7FA8-B6B2-4C22-9250-22D01D1EAF02}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{73F6D953-B11F-4718-A38D-4477858CC354}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73F6D953-B11F-4718-A38D-4477858CC354}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AB29A428-99B9-4FA2-9FD0-8E0D19A179D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB29A428-99B9-4FA2-9FD0-8E0D19A179D4}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => not found
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
HKLM\System\CurrentControlSet\Services\iswSvc => removed successfully
iswSvc => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27600258 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 165897 B
Edge => 0 B
Chrome => 0 B
Firefox => 1104651296 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14204 B
NetworkService => 14204 B
zdenk => 98523955 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:31:07 ====
Počítač funguje normálně.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Změna příhlášení do Windows

#4 Příspěvek od Rudy »

Smazáno, log je OK. Byly to jen zbytečnosti.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

dreyfus
Návštěvník
Návštěvník
Příspěvky: 28
Registrován: 22 kvě 2017 06:49

Re: Změna příhlášení do Windows

#5 Příspěvek od dreyfus »

Díky za pomoc.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118192
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Změna příhlášení do Windows

#6 Příspěvek od Rudy »

Rádo se stalo! :)
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Zamčeno