Re: Request for a preventive log check due to the blocking of Defende

Posted: 18 Dec 2019 08:00
by digivir
I'll try it and see. Thanks a lot for the help, and happy holidays :-)

Re: Request for a preventive log check due to the blocking of Defende

Posted: 18 Dec 2019 15:59
by Conder
:arrow: So let's also clean up after the tools we used:

Re: Request for a preventive log check due to the blocking of Defende

Posted: 19 Dec 2019 06:43
by digivir
So I tried removing that account and restarting the PC, but the result isn't great. Right-clicking a file and trying to scan it ends the same way as before, with the message about a restriction. The only difference is that "Virus & threat protection" can be found through the Start menu, but a scan cannot be started from it, nothing happens when the button is pressed, and "Real-time protection" cannot be turned on in the settings either.

Re: Request for a preventive log check due to the blocking of Defende

Posted: 19 Dec 2019 15:25
by Conder
Hm, send new logs from FRST.

Re: Request for a preventive log check due to the blocking of Defende

Posted: 19 Dec 2019 16:32
by digivir
I'm sending both logs as attachments.

Re: Request for a preventive log check due to the blocking of Defende

Posted: 26 Dec 2019 21:29
by Conder
Sorry for the delay.

If the problem persists and you have not yet added that university account back, please run this fixlist:

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CMD: dsregcmd /status
    ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies
    ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
    ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
    ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
    Folder: C:\WINDOWS\system32\GroupPolicy
    Folder: C:\WINDOWS\SysWOW64\GroupPolicy
    Folder: C:\WINDOWS\system32\GroupPolicyUsers
    Folder: C:\WINDOWS\SysWOW64\GroupPolicyUsers
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

Re: Request for a preventive log check due to the blocking of Defende

Posted: 27 Dec 2019 20:44
by digivir
No need to apologize at all, it was the holidays after all ;-)

The state is still the same; I have not added the account.
Fixlist run, no restart was required; I'm sending the log below:

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-12-2019
Ran by Bodie (27-12-2019 20:46:17) Run:1
Running from C:\Users\Bodie\Desktop
Loaded Profiles: Bodie (Available Profiles: Bodie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CMD: dsregcmd /status
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
Folder: C:\WINDOWS\system32\GroupPolicy
Folder: C:\WINDOWS\SysWOW64\GroupPolicy
Folder: C:\WINDOWS\system32\GroupPolicyUsers
Folder: C:\WINDOWS\SysWOW64\GroupPolicyUsers
End
*****************


========= dsregcmd /status =========


+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+

AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : NO

+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+

NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO

+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+

AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO

+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+

IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision


========= End of CMD: =========

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]
[HKLM\SOFTWARE\Policies\Microsoft]
[HKLM\SOFTWARE\Policies\Microsoft\Cryptography]
[HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration]
[HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL]
[HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
[HKLM\SOFTWARE\Policies\Microsoft\Peernet]
"Disabled"="0"
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\trust]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\TPM]
"OSManagedAuthLevel"="5"
[HKLM\SOFTWARE\Policies\Microsoft\Windows]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\Appx]
"AllowAllTrustedApps"="65535"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"CallLegacyWCMPolicies"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\DriverSearching]
"DriverUpdateWizardWuSearchEnabled"="1"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
""=""
[HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\safer]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync]
"EnableBackupForWin8Apps"="1"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\System]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\Local]
"WCMPresent"="1"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin]
""=""
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WSDAPI]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT]
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbBlockDeviceBySetupClass"="1"
"fEnableUsbNoAckIsochWriteToDevice"="80"
"fEnableUsbSelectDeviceByInterface"="1"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"DependOnService"="RpcSs"
"Description"="@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-240"
"DisplayName"="@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310"
"ErrorControl"="1"
"FailureActions"="8051010000000000010000000300000014000000030000006400000000000000640000000000000064000000"
"ImagePath"=""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe""
"LaunchProtected"="3"
"ObjectName"="LocalSystem"
"RequiredPrivileges"="SeImpersonatePrivilege*SeBackupPrivilege*SeRestorePrivilege*SeDebugPrivilege*SeChangeNotifyPrivilege*SeLoadDriverPrivilege*SeSecurityPrivilege*SeShutdownPrivilege*SeIncreaseQuotaPrivilege*SeAssignPrim (the data entry has 118 more characters)."
"ServiceSidType"="1"
"Start"="2"
"Type"="16"
"FailureCommand"="C:\WINDOWS\system32\mrt.exe /EHB /ServiceFailure "CAMP=4.18.1911.3;approximate-> Engine=1.1.16600.7;AVSIG=1.307.1134.0;ASSIG=1.307.1134.0" /StartService /Defender /q"
[HKLM\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"="01001480f400000000010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200c40007000000000018009d01020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 336 more characters)."

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"DependOnService"="RpcSs"
"Description"="@%systemroot%\system32\SecurityHealthAgent.dll,-1001"
"DisplayName"="@%systemroot%\system32\SecurityHealthAgent.dll,-1002"
"ErrorControl"="1"
"FailureActions"="80510100000000000000000003000000140000000100000060ea00000100000060ea00000000000000000000"
"ImagePath"="%SystemRoot%\system32\SecurityHealthService.exe"
"LaunchProtected"="2"
"ObjectName"="LocalSystem"
"RequiredPrivileges"="SeImpersonatePrivilege*SeBackupPrivilege*SeRestorePrivilege*SeDebugPrivilege*SeChangeNotifyPrivilege*SeSecurityPrivilege*SeAssignPrimaryTokenPrivilege*SeTcbPrivilege*SeSystemEnvironmentPrivilege*SeShu (the data entry has 14 more characters)."
"ServiceSidType"="1"
"Type"="16"
[HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Security]
"Security"="010014801c01000028010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200ec0008000000000018009d00020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 416 more characters)."

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DelayedAutoStart"="1"
"DependOnService"="RpcSs"
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"="1"
"FailureActions"="805101000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p"
"LaunchProtected"="2"
"ObjectName"="NT AUTHORITY\LocalService"
"RequiredPrivileges"="SeChangeNotifyPrivilege*SeImpersonatePrivilege"
"ServiceSidType"="1"
"Start"="2"
"Type"="32"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"="010014801c01000028010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200ec0008000000000018009d00020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 416 more characters)."

=== End of ExportKey ===

========================= Folder: C:\WINDOWS\system32\GroupPolicy ========================

not found.

====== End of Folder: ======


========================= Folder: C:\WINDOWS\SysWOW64\GroupPolicy ========================

not found.

====== End of Folder: ======


========================= Folder: C:\WINDOWS\system32\GroupPolicyUsers ========================

not found.

====== End of Folder: ======


========================= Folder: C:\WINDOWS\SysWOW64\GroupPolicyUsers ========================

not found.

====== End of Folder: ======


==== End of Fixlog 20:46:18 ====

Re: Request for a preventive log check due to the blocking of Defende

Posted: 30 Dec 2019 03:13
by Conder
I have to admit that by now this problem is a mystery even to me :D

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    ExportKey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
    CMD: sc queryex WinDefend
    CMD: sc queryex SecurityHealthService
    CMD: sc queryex wscsvc
    PowerShell: Get-Service -Name WinDefend | Select-Object -Property *
    PowerShell: Get-Service -Name SecurityHealthService | Select-Object -Property *
    PowerShell: Get-Service -Name wscsvc | Select-Object -Property *
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • Wait for it to finish
  • This time there will be no restart; Fixlog.txt will open (or it will be on the desktop); copy its contents here
:arrow: After that, please also send new logs from FRST again.

Re: Request for a preventive log check due to the blocking of Defende

Posted: 30 Dec 2019 14:05
by digivir
It seems to me that I'm just holding things up needlessly by now. So I'll find a free day after the New Year and reinstall the whole laptop.

I'm sending all the logs as attachments.

Re: Request for a preventive log check due to the blocking of Defende

Posted: 04 Jan 2020 01:00
by Conder
You're definitely not holding anything up or being a nuisance; I would like to uncover the cause too (and I think we have now managed to). According to the latest log, the "SecurityHealthService" service (Windows Security), which is a standard part of Windows 10 v1909, is damaged (or rather not registered at all).

It's true that reinstalling Windows would probably be the most effective option, but if you haven't done the reinstall yet, try this fixlist:

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    REG: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "3" /f
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here
:arrow: After restarting the PC, test Windows Defender; in Win 10 v1909 it is part of the Windows Security app.
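
Added example, not part of the original post and not FRST's own code: the SecurityHealthService export in the Fixlog posted earlier in this thread contains no "Start" value, while WinDefend and wscsvc show "Start"="2", and the fixlist above adds that value. The sketch below parses the ExportKey layout and flags such service keys; the function names and the `REQUIRED` set are assumptions, and the sample is constructed by abbreviating that Fixlog.

```python
import re

# Constructed sample: abbreviated from the ExportKey sections of the Fixlog
# posted in this thread (same layout, most values left out).
SAMPLE = r'''
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"ImagePath"="%SystemRoot%\system32\SecurityHealthService.exe"
"Type"="16"

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p"
"Start"="2"
"Type"="32"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"

=== End of ExportKey ===
'''

KEY_RE = re.compile(r'^\[(?:HKEY_LOCAL_MACHINE|HKLM)\\(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
SERVICES = "system\\currentcontrolset\\services\\"
REQUIRED = ("ImagePath", "Start", "Type")  # assumption: minimum set checked here

def parse_exportkey(text):
    """Map each exported key path (hive stripped) to its {value name: data}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key, val = KEY_RE.match(line), VALUE_RE.match(line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif val and current is not None:
            current[val.group(1)] = val.group(2)
    return keys

def audit_services(keys):
    """Flag top-level service keys with a required value missing or Start=4."""
    findings = []
    for path, values in keys.items():
        name = path[len(SERVICES):]
        if not path.lower().startswith(SERVICES) or "\\" in name:
            continue  # not a service key, or a subkey such as ...\Parameters
        missing = [v for v in REQUIRED if v not in values]
        if missing:
            findings.append((name, "missing: " + ", ".join(missing)))
        elif values["Start"] == "4":  # start type 4 = Disabled
            findings.append((name, "Start=4 (Disabled)"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_services(parse_exportkey(SAMPLE)):
        print(f"{name}: {problem}")
```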

Re: Request for a preventive log check due to the blocking of Defende

Posted: 04 Jan 2020 12:44
by digivir
I haven't got around to the reinstall yet, and the last fix helped, yay :-) Thank you very much, Defender is running normally again.

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by Bodie (04-01-2020 09:49:01) Run:3
Running from C:\Users\Bodie\Desktop
Loaded Profiles: Bodie (Available Profiles: Bodie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

REG: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "3" /f

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "3" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12345344 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44929886 B
Java, Flash, Steam htmlcache => 14686 B
Windows/system/drivers => 8843972 B
Edge => 25101 B
Chrome => 70421671 B
Firefox => 1129581075 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
Users => 7168 B
ProgramData => 7168 B
Public => 7168 B
systemprofile => 5510356 B
systemprofile32 => 5510356 B
LocalService => 5510356 B
NetworkService => 5542768 B
Bodie => 168070315 B

RecycleBin => 4617818305 B
EmptyTemp: => 5.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:49:46 ====

Re: Request for a preventive log check due to the blocking of Defende

Posted: 04 Jan 2020 23:24
by Conder
:arrow: Great, I'm glad it worked out in the end :D I assume there are no other problems with the PC, are there?

:arrow: I also recommend running the system file integrity check again "as a precaution" (there is no need to send the logs any more)
  • Open Start, type "cmd" (without the quotes), right-click Command Prompt and click Run as administrator
  • Copy and run the command:

    DISM.exe /Online /Cleanup-image /Restorehealth
  • When it finishes, copy and run the second command:

    sfc /scannow

Re: Request for a preventive log check due to the blocking of Defende

Posted: 05 Jan 2020 10:47
by digivir
I'm not aware of any other problems :-)
Both commands were run and found no problem, everything is fine.

Once again, many thanks for all the time you have given me here :-)

Re: Request for a preventive log check due to the blocking of Defende

Posted: 06 Jan 2020 23:07
by Conder
:arrow: So let's also clean up after the tools we used:

Re: Request for a preventive log check due to the blocking of Defende

Posted: 07 Jan 2020 07:06
by digivir
Cleaned up, thanks ;-)