Neúspěšné aktualizace Win 10

[kristian1154]

Dobrý den,
zjistil jsem že mi cca 2 týdny neprobíhají aktualizace Windows, nedaří se je nainstalovat ani ručně, zkusil jsem různé rady k řešení, ale zatím neúspěšně.
V rámci doporučené diagnostiky jsem zjistil chybné a poškozené soubody, DISM a CBS log, mohu rovněž případně zaslat.
ADW cleaner minulý týden nalezl 1 havěť, Malwarebytes včera nic.

Děkuji předem za rady.

Systémové informace:
Název operačního systému Microsoft Windows 10 Home
Verze 10.0.18362 Build 18362
Další popis operačního systému Není k dispozici
Výrobce operačního systému Microsoft Corporation
Název systému DESKTOP-6TO36RH
Výrobce systému Gigabyte Technology Co., Ltd.
Model systému B365M D2V
Typ systému x64-based PC
SKU systému Default string
Procesor Intel(R) Core(TM) i3-9100F CPU @ 3.60GHz, 3600 Mhz, jádra: 4, logické procesory: 4
Verze systému BIOS/Datum American Megatrends Inc. F2, 13.03.2019
Verze SMBIOS 3.1
Verze integrovaného řadiče 255.255
Režim systému BIOS UEFI
Výrobce základní desky Gigabyte Technology Co., Ltd.
Základní deska B365M D2V
Verze základní desky x.x
Role platformy Desktop
Stav zabezpečeného spouštění Vypnuto
Konfigurace PCR7 Vazba není možná
Adresář systému Windows C:\Windows
Systémový adresář C:\Windows\system32
Spouštěcí zařízení \Device\HarddiskVolume2
Národní prostředí Česko
Vrstva HAL (Hardware Abstraction Layer) Verze = "10.0.18362.387"
Uživatelské jméno DESKTOP-6TO36RH\Zdenek
Časové pásmo Střední Evropa (běžný čas)
Nainstalovaná fyzická paměť (RAM) 8,00 GB
Celková fyzická paměť 7,95 GB
Volná fyzická paměť 4,64 GB
Celková virtuální paměť 19,4 GB
Volná virtuální paměť 12,7 GB
Prostor stránkovacího souboru 11,5 GB
Stránkovací soubor C:\pagefile.sys
Ochrana přímého přístupu do paměti (DMA) u jádra Vypnuto
Zabezpečení založené na virtualizaci Nepovolené
Podpora šifrování zařízení Důvody selhání automatického šifrování zařízení: TPM není použitelné, Vazba PCR7 není podporována, Testovací rozhraní bezpečnosti hardwaru selhalo a zařízení není v moderním úsporném režimu., Byly nalezeny nedovolené sběrnice/zařízení s podporou DMA, TPM není použitelné
Hyper-V – rozšíření režimu sledování virtuálních počítačů Ano
Hyper-V – rozšíření překladu adres druhé úrovně Ano
Hyper-V – virtualizace povolená ve firmwaru Ano
Hyper-V – ochrana spouštění dat Ano

RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Zdenek at 2020-03-14 13:28:53
Microsoft Windows 10 Home
System drive C: has 110 GB (48%) free of 228 GB
Total RAM: 8136 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:29:02, on 14.03.2020
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)
Boot mode: Normal

Running processes:
C:\Users\Zdenek\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\trend micro\Zdenek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zdenek\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [AMDDVR] "C:\Program Files\AMD\CNext\CNext\amddvr.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atiesrxx.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_5ca46 - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Rockstar Game Library Service (Rockstar Service) - Rockstar Games - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\Windows\System32\RtkAudUService64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8995 bytes

======Listing Processes======









C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s PlugPlay
C:\Windows\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
"fontdrvhost.exe"
C:\Windows\system32\svchost.exe -k RPCSS -p
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s hidserv
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atiesrxx.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache

C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\System32\svchost.exe -k utcsvc -p
C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Windows\System32\RtkAudUService64.exe"

C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
dashost.exe {216a0d0d-e654-460c-9e13b55c7b495cc0}
C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s FDResPub
C:\Windows\System32\svchost.exe -k netsvcs
sihost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
"ctfmon.exe"
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeApp.exe" -ServerName:App.AppXffn3yxqvgawq9fpmnhy90fr3y01d1t5b.mca
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe" -ServerName:SkypeBackgroundHost
C:\Windows\System32\svchost.exe -k netsvcs -p
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20012.135.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\System32\SecurityHealthSystray.exe"

"C:\Windows\System32\RtkAudUService64.exe" -background
"C:\Users\Zdenek\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe" atlogon
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
"C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
"C:\Program Files\AMD\CNext\CNext\amdow.exe" 8660
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20012.135.0_x64__8wekyb3d8bbwe\YourPhoneServer/YourPhoneServer.exe" -Embedding

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\Windows\System32\usocoreworker.exe -Embedding
"C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe" -ServerName:App.AppXagta193n5rpf7mheremt3yyfa1g555vc.mca
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
C:\Windows\System32\CompPkgSrv.exe -Embedding

"C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe" -ServerName:WindowsDefaultLockScreen.AppX7y4nbzq37zn4ks9k7amqjywdat7d3j2z.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
"C:\Program Files\Mozilla Firefox\firefox.exe" -private-window
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8632.0.2032427826\1541670480" -parentBuildID 20200309095159 -prefsHandle 1560 -prefMapHandle 1552 -prefsLen 1 -prefMapSize 227265 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 8632 "\\.\pipe\gecko-crash-server-pipe.8632" 1660 gpu
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8632.3.458002985\1149602587" -childID 1 -isForBrowser -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 68 -prefMapSize 227265 -parentBuildID 20200309095159 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 8632 "\\.\pipe\gecko-crash-server-pipe.8632" 2420 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8632.13.1045213445\203628327" -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 6371 -prefMapSize 227265 -parentBuildID 20200309095159 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 8632 "\\.\pipe\gecko-crash-server-pipe.8632" 3736 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8632.20.1314016523\1809715756" -childID 3 -isForBrowser -prefsHandle 4468 -prefMapHandle 4444 -prefsLen 7103 -prefMapSize 227265 -parentBuildID 20200309095159 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 8632 "\\.\pipe\gecko-crash-server-pipe.8632" 4476 tab
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="8632.27.123237092\318087809" -childID 4 -isForBrowser -prefsHandle 3684 -prefMapHandle 2352 -prefsLen 7690 -prefMapSize 227265 -parentBuildID 20200309095159 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 8632 "\\.\pipe\gecko-crash-server-pipe.8632" 8456 tab

C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\system32\AUDIODG.EXE 0x77c
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Users\Zdenek\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

======Scheduled tasks folder======

C:\Windows\tasks\CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe /NOUACCHECK

=========Mozilla firefox=========

ProfilePath - C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\29tv0l49.default-release

prefs.js - "browser.search.suggest.enabled" - false

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.344 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 32.0.0.344 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Windows\system32\SecurityHealthSystray.exe [2019-03-19 84992]
"RtkAudUService"=C:\Windows\System32\RtkAudUService64.exe [2019-10-29 856288]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2019-03-25 89544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Zdenek\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2020-02-25 1573432]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2020-02-11 3365840]
"AMDDVR"=C:\Program Files\AMD\CNext\CNext\amddvr.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AudioSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CBDHSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudAddService.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HdAudBus.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\usbaudio.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinQuic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"aux"=wdmaud.drv
"midi"=wdmaud.drv
"midimapper"=midimap.dll
"mixer"=wdmaud.drv
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wave"=wdmaud.drv
"wavemapper"=msacm32.drv
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2020-03-14 13:28:53 ----D---- C:\rsit
2020-03-14 13:28:53 ----D---- C:\Program Files\trend micro
2020-03-13 22:29:16 ----A---- C:\Windows\system32\drivers\MbamChameleon.sys
2020-03-13 22:29:15 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2020-03-13 21:26:43 ----HD---- C:\$SysReset
2020-03-13 19:06:38 ----A---- C:\Windows\system32\drivers\MbamElam.sys
2020-03-13 19:06:37 ----A---- C:\Windows\system32\drivers\mbae64.sys
2020-03-13 19:06:29 ----D---- C:\ProgramData\Malwarebytes
2020-03-13 19:06:19 ----D---- C:\Program Files\Malwarebytes
2020-03-12 22:57:28 ----D---- C:\Program Files\Mozilla Firefox
2020-03-11 10:13:43 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2020-03-11 10:13:43 ----A---- C:\Windows\system32\poqexec.exe
2020-03-09 18:09:46 ----A---- C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-09 18:09:46 ----A---- C:\Windows\system32\vulkaninfo.exe
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\vulkaninfo.exe
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\vulkan-1-999-0-0-0.dll
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\vulkan-1.dll
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\RapidFireServer.dll
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\Rapidfire.dll
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\mcl32.dll
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\mantleaxl32.dll
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\mantle32.dll
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\GameManager32.dll
2020-03-09 18:09:45 ----A---- C:\Windows\SYSWOW64\detoured.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\vulkan-1.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\RapidFireServer64.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\Rapidfire64.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\mcl64.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\mantleaxl64.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\mantle64.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\GameManager64.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\EEURestart.exe
2020-03-09 18:09:45 ----A---- C:\Windows\system32\dgtrayicon.exe
2020-03-09 18:09:45 ----A---- C:\Windows\system32\detoured.dll
2020-03-09 18:09:45 ----A---- C:\Windows\system32\clinfo.exe
2020-03-09 18:09:38 ----A---- C:\Windows\SYSWOW64\atisamu32.dll
2020-03-09 18:09:38 ----A---- C:\Windows\system32\atisamu64.dll
2020-03-09 18:09:37 ----A---- C:\Windows\system32\atimuixx.dll
2020-03-09 18:09:37 ----A---- C:\Windows\system32\atimpc64.dll
2020-03-09 18:09:36 ----A---- C:\Windows\SYSWOW64\atimpc32.dll
2020-03-09 18:09:35 ----A---- C:\Windows\SYSWOW64\atigktxx.dll
2020-03-09 18:09:35 ----A---- C:\Windows\SYSWOW64\atieah32.exe
2020-03-09 18:09:35 ----A---- C:\Windows\SYSWOW64\atidxx32.dll
2020-03-09 18:09:35 ----A---- C:\Windows\system32\atig6txx.dll
2020-03-09 18:09:35 ----A---- C:\Windows\system32\atieclxx.exe
2020-03-09 18:09:35 ----A---- C:\Windows\system32\atieah64.exe
2020-03-09 18:09:35 ----A---- C:\Windows\system32\atidxx64.dll
2020-03-09 18:09:34 ----A---- C:\Windows\SYSWOW64\aticfx32.dll
2020-03-09 18:09:34 ----A---- C:\Windows\SYSWOW64\atiadlxy.dll
2020-03-09 18:09:34 ----A---- C:\Windows\SYSWOW64\atiadlxx.dll
2020-03-09 18:09:34 ----A---- C:\Windows\SYSWOW64\amfrt32.dll
2020-03-09 18:09:34 ----A---- C:\Windows\SYSWOW64\amf-mft-mjpeg-decoder32.dll
2020-03-09 18:09:34 ----A---- C:\Windows\SYSWOW64\amdxc32.dll
2020-03-09 18:09:34 ----A---- C:\Windows\system32\atidemgy.dll
2020-03-09 18:09:34 ----A---- C:\Windows\system32\aticfx64.dll
2020-03-09 18:09:34 ----A---- C:\Windows\system32\ati2erec.dll
2020-03-09 18:09:34 ----A---- C:\Windows\system32\amfrt64.dll
2020-03-09 18:09:34 ----A---- C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2020-03-09 18:09:34 ----A---- C:\Windows\system32\amdxc64.dll
2020-03-09 18:09:33 ----A---- C:\Windows\SYSWOW64\amdpcom32.dll
2020-03-09 18:09:33 ----A---- C:\Windows\system32\amdpcom64.dll
2020-03-09 18:09:31 ----A---- C:\Windows\SYSWOW64\amdmcl32.dll
2020-03-09 18:09:31 ----A---- C:\Windows\system32\amdmiracast.dll
2020-03-09 18:09:31 ----A---- C:\Windows\system32\amdmcl64.dll
2020-03-09 18:09:30 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2020-03-09 18:09:30 ----A---- C:\Windows\SYSWOW64\amdlvr32.dll
2020-03-09 18:09:30 ----A---- C:\Windows\SYSWOW64\amdihk32.dll
2020-03-09 18:09:30 ----A---- C:\Windows\SYSWOW64\amdgfxinfo32.dll
2020-03-09 18:09:30 ----A---- C:\Windows\SYSWOW64\amdave32.dll
2020-03-09 18:09:30 ----A---- C:\Windows\system32\OpenCL.dll
2020-03-09 18:09:30 ----A---- C:\Windows\system32\amdlvr64.dll
2020-03-09 18:09:30 ----A---- C:\Windows\system32\amdlogum.exe
2020-03-09 18:09:30 ----A---- C:\Windows\system32\amdhip64.dll
2020-03-09 18:09:30 ----A---- C:\Windows\system32\amdgfxinfo64.dll
2020-03-09 18:09:30 ----A---- C:\Windows\system32\amdave64.dll
2020-03-09 18:09:29 ----A---- C:\Windows\SYSWOW64\amd_comgr32.dll
2020-03-09 18:09:29 ----A---- C:\Windows\system32\amd_comgr.dll
2020-02-25 19:44:20 ----D---- C:\Users\Zdenek\AppData\Roaming\dvdcss

======List of files/folders modified in the last 1 month======

2020-03-14 13:29:01 ----D---- C:\Windows\Temp
2020-03-14 13:29:00 ----D---- C:\Windows\system32\sru
2020-03-14 13:28:53 ----RD---- C:\Program Files
2020-03-14 13:26:15 ----D---- C:\Windows\Prefetch
2020-03-14 13:25:47 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2020-03-14 13:25:46 ----D---- C:\Windows\system32\SleepStudy
2020-03-14 10:23:51 ----D---- C:\Windows\system32\config
2020-03-14 10:01:53 ----D---- C:\Windows\CbsTemp
2020-03-14 09:54:13 ----D---- C:\Program Files (x86)\Steam
2020-03-14 09:49:21 ----D---- C:\Windows\System32
2020-03-14 09:49:21 ----D---- C:\Windows\INF
2020-03-14 09:49:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-03-14 09:43:45 ----D---- C:\Windows\system32\drivers
2020-03-13 22:29:15 ----D---- C:\Windows\system32\catroot2
2020-03-13 22:09:31 ----D---- C:\Windows\WinSxS
2020-03-13 21:44:24 ----D---- C:\Windows
2020-03-13 20:23:09 ----D---- C:\Windows\SoftwareDistribution
2020-03-13 19:06:38 ----HD---- C:\Windows\ELAMBKUP
2020-03-13 19:06:29 ----HD---- C:\ProgramData
2020-03-13 19:02:53 ----D---- C:\Windows\system32\Tasks
2020-03-13 19:02:41 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2020-03-13 18:45:27 ----RD---- C:\Windows\Microsoft.NET
2020-03-13 18:33:03 ----RD---- C:\Program Files (x86)
2020-03-13 10:42:26 ----SHD---- C:\System Volume Information
2020-03-13 10:40:18 ----D---- C:\Windows\AppReadiness
2020-03-11 20:12:55 ----HD---- C:\Program Files\WindowsApps
2020-03-11 18:05:59 ----D---- C:\Windows\SysWOW64
2020-03-11 18:05:55 ----D---- C:\Windows\system32\Macromed
2020-03-11 18:05:54 ----D---- C:\Windows\SYSWOW64\Macromed
2020-03-11 10:16:55 ----D---- C:\Windows\system32\MRT
2020-03-11 10:15:51 ----AC---- C:\Windows\system32\MRT.exe
2020-03-10 10:17:19 ----D---- C:\Windows\system32\LogFiles
2020-03-09 19:20:35 ----D---- C:\Windows\system32\DriverStore
2020-03-09 18:11:28 ----SHD---- C:\Windows\Installer
2020-03-09 18:11:28 ----SHD---- C:\Config.Msi
2020-03-09 18:11:27 ----D---- C:\Program Files\AMD
2020-03-09 18:09:46 ----D---- C:\AMD
2020-03-09 18:05:48 ----D---- C:\AdwCleaner
2020-03-06 15:18:53 ----D---- C:\Users\Zdenek\AppData\Roaming\vlc
2020-03-02 17:36:30 ----A---- C:\Windows\system32\atiadlxx.dll
2020-03-02 17:36:00 ----A---- C:\Windows\system32\amdihk64.dll
2020-02-28 13:09:45 ----D---- C:\Windows\system32\drivers\wd

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;@oem6.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2019-12-17 103456]
R0 iaStorAC;@oem20.inf,%iaStorAC.DeviceDesc%;Intel(R) Chipset SATA/PCIe RST Premium Controller; C:\Windows\System32\drivers\iaStorAC.sys [2019-03-25 1017200]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys [2019-03-19 56632]
R0 SgrmAgent;@%SystemRoot%\System32\Drivers\SgrmAgent.sys,-1001; C:\Windows\system32\drivers\SgrmAgent.sys [2019-03-19 89096]
R1 afunix;afunix; C:\Windows\system32\drivers\afunix.sys [2019-03-19 40960]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys [2019-03-19 70456]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2019-03-19 59392]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2019-03-19 8704]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys [2019-12-14 457216]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2020-03-13 214496]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2019-03-19 53760]
R3 amdkmdag;amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atikmdag.sys [2020-03-02 65731088]
R3 AMDKMDAP;AMDKMDAP; C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atikmpag.sys [2020-03-02 589840]
R3 AtiHDAudioService;@oem26.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdWT6.sys [2019-11-18 108152]
R3 bindflt;@%systemroot%\system32\drivers\bindflt.sys,-100; C:\Windows\system32\drivers\bindflt.sys [2019-10-11 117048]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2019-10-29 6849832]
R3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2020-03-14 248968]
R3 MEIx64;@oem9.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys [2019-04-17 266128]
R3 rt640x64;@oem32.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\Windows\System32\drivers\rt640x64.sys [2019-11-20 1167768]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys [2019-03-19 42808]
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2019-03-19 319528]
S0 iaStorAVC;@iastorav.inf,%iaStorAVC.DeviceDesc%;Intel Chipset SATA RAID Controller; C:\Windows\System32\drivers\iaStorAVC.sys [2019-03-19 885048]
S0 ItSas35i;ItSas35i; C:\Windows\System32\drivers\ItSas35i.sys [2019-03-19 148520]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2019-03-19 124448]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2019-03-19 128528]
S0 MbamElam;MbamElam; C:\Windows\system32\DRIVERS\MbamElam.sys [2020-03-13 20936]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2019-03-19 75280]
S0 megasas35i;megasas35i; C:\Windows\System32\drivers\megasas35i.sys [2019-03-19 94736]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2019-03-19 58896]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2019-03-19 68624]
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys [2019-03-19 41784]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2019-03-19 151352]
S0 SmartSAMD;SmartSAMD; C:\Windows\System32\drivers\SmartSAMD.sys [2019-03-19 220176]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2019-03-19 20992]
S3 Acx01000;@%SystemRoot%\system32\drivers\Acx01000.sys,-1000; C:\Windows\system32\drivers\Acx01000.sys [2019-03-19 337920]
S3 amdgpio2;@amdgpio2.inf,%GPIO.SvcDesc%;AMD GPIO Client Driver; C:\Windows\System32\drivers\amdgpio2.sys [2019-03-19 18432]
S3 amdi2c;@amdi2c.inf,%amdi2c.SVCDESC%;AMD I2C Controller Service; C:\Windows\System32\drivers\amdi2c.sys [2019-03-19 37888]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2019-11-12 18432]
S3 BthA2dp;@microsoft_bluetooth_a2dp.inf,%BthA2dp.ServiceDescription%;Microsoft Bluetooth A2dp driver; C:\Windows\System32\drivers\BthA2dp.sys [2019-09-14 231936]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2019-11-12 114688]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\System32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [2019-03-19 97280]
S3 BthMini;@bth.inf,%BTHMINI.SvcDesc%;Bluetooth Radio Driver; C:\Windows\System32\drivers\BTHMINI.sys [2019-11-12 36864]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\drivers\BTHport.sys [2019-11-12 1428992]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\drivers\BTHUSB.sys [2019-11-12 98304]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2019-03-19 43008]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys [2019-03-19 64312]
S3 gdrv2;gdrv2; \??\C:\Windows\gdrv2.sys [2019-09-10 32008]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\DriverStore\FileRepository\genericusbfn.inf_amd64_b9c53b80e63af230\genericusbfn.sys [2019-09-14 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2019-03-19 53560]
S3 hidspi;@hidspi_km.inf,%hidspi.SVCDESC%;Microsoft SPI HID Miniport Driver; C:\Windows\System32\drivers\hidspi.sys [2019-10-04 64000]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2019-11-12 84488]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys [2019-03-19 28672]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2019-03-19 1866768]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2019-03-19 36352]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2019-03-19 91136]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2019-03-19 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2019-03-19 93184]
S3 iaLPSS2i_GPIO2_CNL;@iaLPSS2i_GPIO2_CNL.inf,%iaLPSS2i_GPIO2_CNL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [2019-03-19 112128]
S3 iaLPSS2i_GPIO2_GLK;@iaLPSS2i_GPIO2_GLK.inf,%iaLPSS2i_GPIO2_GLK.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [2019-03-19 96256]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2019-03-19 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2019-03-19 175104]
S3 iaLPSS2i_I2C_CNL;@iaLPSS2i_I2C_CNL.inf,%iaLPSS2i_I2C_CNL.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [2019-03-19 180736]
S3 iaLPSS2i_I2C_GLK;@iaLPSS2i_I2C_GLK.inf,%iaLPSS2i_I2C_GLK.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [2019-03-19 177664]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2019-03-19 566800]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2019-03-19 46592]
S3 intelpmax;@intelpmax.inf,%SvcDesc%;Intel Power Limit Driver; C:\Windows\System32\drivers\intelpmax.sys [2019-03-19 28672]
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys [2019-03-19 54584]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys [2019-03-19 535864]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys [2019-03-19 62264]
S3 MbbCx;MBB Network Adapter Class Extension; C:\Windows\system32\drivers\MbbCx.sys [2019-11-12 359424]
S3 Microsoft_Bluetooth_AvrcpTransport;@microsoft_bluetooth_avrcptransport.inf,%Microsoft_Bluetooth_AvrcpTransport.ServiceDescription%;Microsoft Bluetooth Avrcp Transport Driver; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [2019-03-19 64512]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2019-03-19 1150480]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2019-03-19 153616]
S3 NDKPing;NDKPing Driver; C:\Windows\system32\drivers\NDKPing.sys [2019-03-19 63488]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2019-03-19 187904]
S3 nvdimm;@nvdimm.inf,%nvdimm.SvcDesc%;Microsoft NVDIMM device driver; C:\Windows\System32\drivers\nvdimm.sys [2019-03-19 158520]
S3 PktMon;Packet Monitor Driver; C:\Windows\system32\drivers\PktMon.sys [2019-03-19 96056]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys [2019-03-19 127800]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys [2019-03-19 17408]
S3 portcfg;portcfg; C:\Windows\System32\drivers\portcfg.sys [2019-03-19 25600]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2019-12-14 986936]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2019-03-19 211456]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\Windows\System32\drivers\rhproxy.sys [2019-03-19 113152]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\Windows\System32\drivers\SDFRd.sys [2019-03-19 33592]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [2019-03-19 76088]
S4 hvcrash;hvcrash; C:\Windows\System32\drivers\hvcrash.sys [2019-03-19 32568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2019-09-10 88136]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atiesrxx.exe [2020-03-02 522256]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R2 CDPUserSvc_5ca46;CDPUserSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2019-03-19 53744]
R2 DispBrokerDesktopSvc;@%SystemRoot%\system32\dispbroker.desktop.dll,-101; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2019-03-19 53744]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2019-03-19 53744]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2019-03-25 16840]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2018-11-16 218176]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2018-11-16 625240]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2020-03-13 6933272]
R2 OneSyncSvc_5ca46;OneSyncSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R2 RtkAudioUniversalService;Realtek Audio Universal Service; C:\Windows\System32\RtkAudUService64.exe [2019-10-29 856288]
R2 SgrmBroker;@%SystemRoot%\System32\SgrmBroker.exe,-100; C:\Windows\system32\SgrmBroker.exe [2019-03-19 263904]
R3 BthAvctpSvc;@%SystemRoot%\system32\BthAvctpSvc.dll,-101; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R3 cbdhsvc_5ca46;cbdhsvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2019-03-19 53744]
R3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2019-03-19 53744]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2019-03-19 53744]
R3 PimIndexMaintenanceSvc_5ca46;PimIndexMaintenanceSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R3 PrintWorkflowUserSvc_5ca46;PrintWorkflowUserSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
R3 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\Windows\system32\SecurityHealthService.exe [2019-09-14 913168]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S2 Intel(R) TPM Provisioning Service;Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [2018-09-14 705760]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 AarSvc;@%SystemRoot%\system32\AarSvc.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 AarSvc_5ca46;AarSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2020-03-11 335416]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 autotimesvc;@%SystemRoot%\System32\autotimesvc.dll,-6; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 BcastDVRUserService;@%SystemRoot%\system32\BcastDVRUserService.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 BcastDVRUserService_5ca46;BcastDVRUserService_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 BluetoothUserService;@%SystemRoot%\system32\Microsoft.Bluetooth.UserService.dll,-101; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 BluetoothUserService_5ca46;BluetoothUserService_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 BTAGService;@%SystemRoot%\system32\BTAGService.dll,-101; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 CaptureService;@%SystemRoot%\system32\CaptureService.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 CaptureService_5ca46;CaptureService_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 cbdhsvc;@%SystemRoot%\system32\cbdhsvc.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 ConsentUxUserSvc;@%SystemRoot%\system32\ConsentUxClient.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 ConsentUxUserSvc_5ca46;ConsentUxUserSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 CredentialEnrollmentManagerUserSvc;@%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100; C:\Windows\system32\CredentialEnrollmentManager.exe [2019-03-19 380120]
S3 CredentialEnrollmentManagerUserSvc_5ca46;CredentialEnrollmentManagerUserSvc_5ca46; C:\Windows\system32\CredentialEnrollmentManager.exe [2019-03-19 380120]
S3 DeviceAssociationBrokerSvc;@%SystemRoot%\system32\deviceaccess.dll,-107; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 DeviceAssociationBrokerSvc_5ca46;DeviceAssociationBrokerSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 DevicePickerUserSvc;@%SystemRoot%\system32\Windows.Devices.Picker.dll,-1006; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 DevicePickerUserSvc_5ca46;DevicePickerUserSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 DevicesFlowUserSvc_5ca46;DevicesFlowUserSvc_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2019-09-14 97792]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 DisplayEnhancementService;@%SystemRoot%\System32\Microsoft.Graphics.Display.DisplayEnhancementService.dll,-1000; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2019-03-01 43704]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [2018-09-14 775904]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 LxpSvc;@%SystemRoot%\system32\LanguageOverlayServer.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 MessagingService_5ca46;MessagingService_5ca46; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2020-03-12 244936]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 perceptionsimulation;@%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe [2019-03-19 103424]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\Windows\System32\svchost.exe [2019-03-19 53744]
S3 Rockstar Service;Rockstar Game Library Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2019-12-05 474256]
S3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2019-03-19 1264128]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\Windows\system32\svchost.exe [2019-03-19 53744]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\Windows\system32\spectrum.exe [2019-09-10 986112]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\Windows\System32\svchost.exe [2019-03-19 53744]

-----------------EOF-----------------

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[kristian1154]

# Malwarebytes AdwCleaner 8.0.3.0
# -------------------------------
# Build: 03-03-2020
# Database: 2020-03-13.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-14-2020
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 0
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [228273 octets] - [15/09/2019 14:41:49]
AdwCleaner[S00].txt - [1388 octets] - [15/09/2019 14:42:25]
AdwCleaner[S01].txt - [1450 octets] - [21/09/2019 00:56:37]
AdwCleaner[S02].txt - [1511 octets] - [21/09/2019 00:58:34]
AdwCleaner[S03].txt - [1572 octets] - [22/09/2019 02:28:53]
AdwCleaner[S04].txt - [1633 octets] - [24/09/2019 22:43:39]
AdwCleaner[S05].txt - [1694 octets] - [26/09/2019 23:09:19]
AdwCleaner[S06].txt - [1755 octets] - [29/09/2019 01:05:03]
AdwCleaner[S07].txt - [1816 octets] - [29/09/2019 17:05:42]
AdwCleaner[S08].txt - [1877 octets] - [30/09/2019 20:45:14]
AdwCleaner[S09].txt - [1938 octets] - [30/09/2019 20:45:32]
AdwCleaner[S10].txt - [1999 octets] - [02/10/2019 18:04:57]
AdwCleaner[S11].txt - [2060 octets] - [06/10/2019 00:21:27]
AdwCleaner[S12].txt - [2121 octets] - [07/10/2019 20:44:40]
AdwCleaner[S13].txt - [2182 octets] - [09/10/2019 22:34:17]
AdwCleaner[S14].txt - [2243 octets] - [10/10/2019 23:11:16]
AdwCleaner[S15].txt - [2304 octets] - [11/10/2019 19:06:15]
AdwCleaner[S16].txt - [2365 octets] - [12/10/2019 01:13:00]
AdwCleaner[S17].txt - [2426 octets] - [12/10/2019 12:03:38]
AdwCleaner[S18].txt - [2488 octets] - [21/10/2019 17:30:28]
AdwCleaner[S19].txt - [2549 octets] - [21/10/2019 20:44:58]
AdwCleaner[S20].txt - [2610 octets] - [23/10/2019 23:50:00]
AdwCleaner[S21].txt - [2671 octets] - [25/10/2019 23:20:24]
AdwCleaner[S22].txt - [2732 octets] - [26/10/2019 13:07:03]
AdwCleaner[S23].txt - [2793 octets] - [27/10/2019 17:17:19]
AdwCleaner[S24].txt - [2854 octets] - [29/10/2019 22:51:36]
AdwCleaner[S25].txt - [2915 octets] - [02/11/2019 16:45:58]
AdwCleaner[S26].txt - [2976 octets] - [03/11/2019 22:00:29]
AdwCleaner[S27].txt - [3037 octets] - [03/11/2019 22:00:48]
AdwCleaner[S28].txt - [3098 octets] - [10/11/2019 01:33:53]
AdwCleaner[S29].txt - [3159 octets] - [10/11/2019 22:15:21]
AdwCleaner[S30].txt - [3220 octets] - [12/11/2019 22:58:39]
AdwCleaner[S31].txt - [3281 octets] - [13/11/2019 19:34:54]
AdwCleaner[S32].txt - [3342 octets] - [17/11/2019 22:33:27]
AdwCleaner[S33].txt - [3403 octets] - [18/11/2019 23:07:57]
AdwCleaner[S34].txt - [3464 octets] - [19/11/2019 22:46:59]
AdwCleaner[S35].txt - [3525 octets] - [23/11/2019 00:07:52]
AdwCleaner[S36].txt - [3586 octets] - [25/11/2019 10:58:20]
AdwCleaner[S37].txt - [3647 octets] - [25/11/2019 23:52:09]
AdwCleaner[S38].txt - [3708 octets] - [26/11/2019 17:29:28]
AdwCleaner[S39].txt - [3769 octets] - [27/11/2019 01:00:54]
AdwCleaner[S40].txt - [3830 octets] - [28/11/2019 00:14:14]
AdwCleaner[S41].txt - [3891 octets] - [28/11/2019 11:57:53]
AdwCleaner[S42].txt - [3952 octets] - [28/11/2019 15:16:04]
AdwCleaner[S43].txt - [4013 octets] - [30/11/2019 16:59:29]
AdwCleaner[S44].txt - [4074 octets] - [03/12/2019 15:43:19]
AdwCleaner[S45].txt - [4135 octets] - [07/12/2019 16:06:21]
AdwCleaner[S46].txt - [4196 octets] - [08/12/2019 22:16:46]
AdwCleaner[S47].txt - [4257 octets] - [09/12/2019 20:44:28]
AdwCleaner[S48].txt - [4318 octets] - [11/12/2019 18:07:20]
AdwCleaner[S49].txt - [4379 octets] - [12/12/2019 18:15:19]
AdwCleaner[S50].txt - [4440 octets] - [14/12/2019 17:25:16]
AdwCleaner[S51].txt - [4501 octets] - [16/12/2019 22:07:49]
AdwCleaner[S52].txt - [4562 octets] - [18/12/2019 21:55:14]
AdwCleaner[S53].txt - [4623 octets] - [21/12/2019 21:11:58]
AdwCleaner[S54].txt - [4684 octets] - [22/12/2019 12:40:35]
AdwCleaner[S55].txt - [4745 octets] - [22/12/2019 17:02:04]
AdwCleaner[S56].txt - [4806 octets] - [22/12/2019 21:46:21]
AdwCleaner[S57].txt - [4867 octets] - [29/12/2019 01:14:19]
AdwCleaner[S58].txt - [4928 octets] - [29/12/2019 22:08:57]
AdwCleaner[S59].txt - [4989 octets] - [31/12/2019 01:13:45]
AdwCleaner[S60].txt - [5050 octets] - [01/01/2020 17:48:00]
AdwCleaner[S61].txt - [5111 octets] - [01/01/2020 20:40:42]
AdwCleaner[S62].txt - [5172 octets] - [04/01/2020 16:14:00]
AdwCleaner[S63].txt - [5233 octets] - [05/01/2020 18:41:34]
AdwCleaner[S64].txt - [5294 octets] - [05/01/2020 22:18:49]
AdwCleaner[S65].txt - [5355 octets] - [11/01/2020 21:22:20]
AdwCleaner[S66].txt - [5416 octets] - [15/01/2020 22:11:03]
AdwCleaner[S67].txt - [5477 octets] - [17/01/2020 19:06:55]
AdwCleaner[S68].txt - [5538 octets] - [18/01/2020 13:23:59]
AdwCleaner[S69].txt - [5599 octets] - [18/01/2020 15:40:02]
AdwCleaner[S70].txt - [5660 octets] - [22/01/2020 20:44:16]
AdwCleaner[S71].txt - [5721 octets] - [23/01/2020 21:06:13]
AdwCleaner[S72].txt - [5782 octets] - [25/01/2020 00:51:03]
AdwCleaner[S73].txt - [5843 octets] - [25/01/2020 16:27:28]
AdwCleaner[S74].txt - [5984 octets] - [05/02/2020 10:21:54]
AdwCleaner[S75].txt - [6045 octets] - [06/02/2020 15:09:21]
AdwCleaner[S76].txt - [6106 octets] - [08/02/2020 11:30:49]
AdwCleaner[S77].txt - [6167 octets] - [10/02/2020 12:12:04]
AdwCleaner[S78].txt - [6228 octets] - [10/02/2020 20:31:30]
AdwCleaner[S79].txt - [6289 octets] - [11/02/2020 13:25:22]
AdwCleaner[S80].txt - [6350 octets] - [11/02/2020 18:00:57]
AdwCleaner[S81].txt - [6411 octets] - [12/02/2020 17:54:37]
AdwCleaner[S82].txt - [6472 octets] - [13/02/2020 12:25:24]
AdwCleaner[S83].txt - [6533 octets] - [13/02/2020 17:41:37]
AdwCleaner[S84].txt - [6594 octets] - [14/02/2020 12:41:39]
AdwCleaner[S85].txt - [6655 octets] - [17/02/2020 11:34:43]
AdwCleaner[S86].txt - [6716 octets] - [17/02/2020 20:45:39]
AdwCleaner[S87].txt - [6777 octets] - [18/02/2020 13:28:15]
AdwCleaner[S88].txt - [6838 octets] - [19/02/2020 11:02:53]
AdwCleaner[S89].txt - [6899 octets] - [20/02/2020 17:14:30]
AdwCleaner[S90].txt - [6960 octets] - [21/02/2020 21:20:18]
AdwCleaner[S91].txt - [7021 octets] - [23/02/2020 00:17:34]
AdwCleaner[S92].txt - [7082 octets] - [23/02/2020 00:17:59]
AdwCleaner[S93].txt - [7143 octets] - [24/02/2020 11:49:15]
AdwCleaner[S94].txt - [7204 octets] - [25/02/2020 14:17:51]
AdwCleaner[S95].txt - [7265 octets] - [26/02/2020 12:46:48]
AdwCleaner[S96].txt - [7326 octets] - [26/02/2020 16:34:11]
AdwCleaner[S97].txt - [7387 octets] - [27/02/2020 12:03:59]
AdwCleaner[S98].txt - [7448 octets] - [29/02/2020 13:36:20]
AdwCleaner[S99].txt - [7509 octets] - [02/03/2020 14:13:09]
AdwCleaner[S100].txt - [7571 octets] - [04/03/2020 15:02:06]
AdwCleaner[S101].txt - [7633 octets] - [05/03/2020 22:32:13]
AdwCleaner[S102].txt - [7784 octets] - [09/03/2020 18:05:04]
AdwCleaner[C102].txt - [7955 octets] - [09/03/2020 18:05:48]
AdwCleaner[S103].txt - [7819 octets] - [09/03/2020 20:43:09]
AdwCleaner[S104].txt - [7881 octets] - [13/03/2020 17:20:08]
AdwCleaner[S105].txt - [7943 octets] - [13/03/2020 19:01:59]
AdwCleaner[C105].txt - [8134 octets] - [13/03/2020 19:02:17]
AdwCleaner[S106].txt - [8067 octets] - [14/03/2020 16:59:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C106].txt ##########

[Rudy]

Toto je OK. Teď dejte logy FRST+Addition: https://forum.viry.cz/viewtopic.php?f=13&t=154679 . RSIT není s win 10 kompatibilní.

[kristian1154]

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by Zdenek (administrator) on DESKTOP-6TO36RH (Gigabyte Technology Co., Ltd. B365M D2V) (14-03-2020 18:49:51)
Running from C:\Users\Zdenek\Downloads
Loaded Profiles: Zdenek (Available Profiles: Zdenek)
Platform: Windows 10 Home Version 1903 18362.592 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atiesrxx.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Zdenek\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.19081.28230.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20012.135.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [318920 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3365840 2020-02-11] (Valve -> Valve Corporation)
HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\...\Run: [AMDDVR] => "C:\Program Files\AMD\CNext\CNext\amddvr.exe"
HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\...\MountPoints2: {af5f6a3a-d3dd-11e9-8899-806e6f6e6963} - "D:\Run.exe"

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B753D2-D8F5-4CD7-8C4B-079BF9DB56E3} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_344_Plugin.exe [1458232 2020-03-11] (Adobe Inc. -> Adobe)
Task: {164F2E08-1DB2-4A65-BD9B-D4D2629849FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {18E865F6-096C-4AAF-A684-1803FD1C4D50} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2551E7EB-1D40-49BD-950D-92E35E920FB9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {39228A97-9D96-44F7-82F7-F58D50251E4C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. -> Adobe Systems)
Task: {3E15FF9A-8487-4F1B-AC04-B416609A1B9C} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [1122920 2020-02-29] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {3E6ACA57-F8D6-49EE-8149-27EBB66E283F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MpCmdRun.exe [473544 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4DDFF584-4860-43CF-A1AA-E4C80E3E87EF} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [837344 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {5D0EDAAC-5EA4-4941-95E3-BEEFACC9EF18} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60008 2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {A4B1E22C-C0F0-4498-ABB9-78063FCA38BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-03-11] (Adobe Inc. -> Adobe)
Task: {F308943F-2D7C-4261-AE18-B2412B2CBEDE} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [67688 2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{4bfbfd33-3f85-4932-ac8d-769a704b66c2}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{519f8a10-62da-4c30-9594-5eed6bdc40db}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{6d219bf1-8025-4e38-999a-01cbc58c365c}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{dc481473-dd5f-4e16-ae13-c07537b9873d}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2094399493-2176933488-2306491872-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

Edge:
======
DownloadDir: C:\Users\Zdenek\Downloads

FireFox:
========
FF DefaultProfile: hafeu2bx.default
FF ProfilePath: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\hafeu2bx.default [2019-09-14]
FF ProfilePath: C:\Users\Zdenek\AppData\Roaming\Mozilla\Firefox\Profiles\29tv0l49.default-release [2020-03-14]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_344.dll [2020-03-11] (Adobe Inc. -> )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-02-04] (Adobe Inc. -> Adobe Systems Inc.)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atiesrxx.exe [522256 2020-03-02] (Advanced Micro Devices, Inc. -> AMD)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [775904 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [705760 2018-09-14] (Intel(R) Trust Services -> Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [218176 2018-11-16] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-13] (Malwarebytes Inc -> Malwarebytes)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [474256 2019-12-05] (Rockstar Games, Inc. -> Rockstar Games)
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\MsMpEng.exe [103168 2020-02-28] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atikmdag.sys [65731088 2020-03-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDKMDAP; C:\Windows\System32\DriverStore\FileRepository\u0352369.inf_amd64_275818c45a90b362\B352355\atikmpag.sys [589840 2020-03-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103456 2019-12-17] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-11-18] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 gdrv2; C:\Windows\gdrv2.sys [32008 2019-09-10] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R0 iaStorAC; C:\Windows\System32\drivers\iaStorAC.sys [1017200 2019-03-25] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-03-13] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2020-03-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-03-14] (Malwarebytes Inc -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_85021432489d6a1c\x64\TeeDriverW8x64.sys [266128 2019-04-17] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1167768 2019-11-20] (Realtek Semiconductor Corp. -> Realtek )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45960 2020-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [376544 2020-02-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-28] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-14 18:49 - 2020-03-14 18:50 - 000014024 _____ C:\Users\Zdenek\Downloads\FRST.txt
2020-03-14 18:48 - 2020-03-14 18:50 - 000000000 ____D C:\FRST
2020-03-14 17:02 - 2020-03-14 17:02 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-03-14 16:49 - 2020-03-14 16:49 - 008199856 _____ (Malwarebytes) C:\Users\Zdenek\Desktop\AdwCleaner.exe
2020-03-14 13:28 - 2020-03-14 13:29 - 000000000 ____D C:\rsit
2020-03-14 13:28 - 2020-03-14 13:29 - 000000000 ____D C:\Program Files\trend micro
2020-03-14 12:58 - 2020-03-14 12:58 - 001222144 _____ C:\Users\Zdenek\Downloads\RSITx64.exe
2020-03-14 12:54 - 2020-03-14 12:54 - 002279936 _____ (Farbar) C:\Users\Zdenek\Downloads\FRST64.exe
2020-03-14 09:54 - 2020-03-14 17:01 - 000000000 ____D C:\Users\Zdenek\Desktop\viry
2020-03-13 22:29 - 2020-03-13 22:29 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-03-13 21:26 - 2020-03-13 21:26 - 000000000 ___HD C:\$SysReset
2020-03-13 19:51 - 2020-03-13 19:51 - 356765767 _____ C:\Users\Zdenek\Downloads\windows10.0-kb4532693-x64_e22f60a077a0ec5896266a18cc3daf26bfc29e16.msu
2020-03-13 19:48 - 2020-03-13 19:48 - 072436720 _____ C:\Users\Zdenek\Downloads\windows10.0-kb4537572-x64-ndp48_3a5beca9ff3bd1e1c72b7afa13beed94d6974ee9.msu
2020-03-13 19:46 - 2020-03-13 19:46 - 371656774 _____ C:\Users\Zdenek\Downloads\windows10.0-kb4551762-x64_dacef156c781f2018d94d5a5286076610ba97279.msu
2020-03-13 19:44 - 2020-03-13 19:44 - 371819480 _____ C:\Users\Zdenek\Downloads\windows10.0-kb4540673-x64_aefb1592e55950abcaae06f56cdc3e93aed61370.msu
2020-03-13 19:40 - 2020-03-13 19:40 - 071658580 _____ C:\Users\Zdenek\Downloads\windows10.0-kb4534132-x64-ndp48_21067bd5f9c305ee6a6cee79db6ca38587cb6ad8.msu
2020-03-13 19:06 - 2020-03-13 19:06 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-03-13 19:06 - 2020-03-13 19:06 - 000020936 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2020-03-13 19:06 - 2020-03-13 19:06 - 000002023 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-03-13 19:06 - 2020-03-13 19:06 - 000000000 ____D C:\Users\Zdenek\AppData\Local\mbamtray
2020-03-13 19:06 - 2020-03-13 19:06 - 000000000 ____D C:\Users\Zdenek\AppData\Local\mbam
2020-03-13 19:06 - 2020-03-13 19:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2020-03-13 19:06 - 2020-03-13 19:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-03-13 19:06 - 2020-03-13 19:06 - 000000000 ____D C:\Program Files\Malwarebytes
2020-03-13 19:05 - 2020-03-13 19:05 - 001928352 _____ (Malwarebytes) C:\Users\Zdenek\Downloads\MBSetup.exe
2020-03-12 22:57 - 2020-03-13 19:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-03-11 10:13 - 2020-02-11 05:48 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-03-11 10:13 - 2020-02-11 05:37 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-03-09 18:11 - 2020-03-09 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Software
2020-03-09 18:09 - 2020-03-02 17:37 - 001763344 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-03-09 18:09 - 2020-03-02 17:37 - 001763344 _____ C:\Windows\system32\vulkaninfo.exe
2020-03-09 18:09 - 2020-03-02 17:37 - 001357840 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-03-09 18:09 - 2020-03-02 17:37 - 001357840 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-03-09 18:09 - 2020-03-02 17:37 - 001083320 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 001083320 _____ C:\Windows\system32\vulkan-1.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000942168 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000942168 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000572432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000489488 _____ C:\Windows\system32\GameManager64.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000483344 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000372240 _____ C:\Windows\SysWOW64\GameManager32.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000182288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000160784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000136208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000089104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mcl64.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000073744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mcl32.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000045072 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2020-03-09 18:09 - 2020-03-02 17:37 - 000042000 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 062865424 _____ C:\Windows\system32\amd_comgr.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 052401168 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 004583440 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 004092944 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 001241104 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 001241104 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000939536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000766992 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000758800 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-03-09 18:09 - 2020-03-02 17:36 - 000551952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000491536 _____ C:\Windows\system32\dgtrayicon.exe
2020-03-09 18:09 - 2020-03-02 17:36 - 000466960 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000464912 _____ C:\Windows\system32\amdlogum.exe
2020-03-09 18:09 - 2020-03-02 17:36 - 000449552 _____ C:\Windows\system32\atieah64.exe
2020-03-09 18:09 - 2020-03-02 17:36 - 000426512 _____ C:\Windows\system32\EEURestart.exe
2020-03-09 18:09 - 2020-03-02 17:36 - 000381968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000343568 _____ C:\Windows\SysWOW64\atieah32.exe
2020-03-09 18:09 - 2020-03-02 17:36 - 000342544 _____ C:\Windows\system32\clinfo.exe
2020-03-09 18:09 - 2020-03-02 17:36 - 000239632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000206864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000176616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000157200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000155968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000134160 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000134160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000133136 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000122384 _____ C:\Windows\system32\atidxx64.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000119312 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000118800 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000104976 _____ C:\Windows\SysWOW64\atidxx32.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000103952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000068624 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ati2erec.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000018760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2020-03-09 18:09 - 2020-03-02 17:36 - 000018760 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 078648848 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 001684384 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 001363744 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000544696 _____ C:\Windows\system32\amdmiracast.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000482320 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000371728 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000165256 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000133312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000127104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000127104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000118224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000106208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-03-09 18:09 - 2020-03-02 17:35 - 000106208 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-03-09 18:09 - 2020-03-02 15:52 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-03-09 18:09 - 2020-03-02 15:52 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-03-09 18:09 - 2020-03-02 15:52 - 000543136 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-03-09 18:09 - 2020-03-02 15:52 - 000543136 _____ C:\Windows\system32\atiapfxx.blb
2020-03-04 16:33 - 2020-03-04 16:38 - 3447917673 _____ C:\Users\Zdenek\Downloads\Mafia1CommunityModPack.5.zip
2020-02-25 19:44 - 2020-02-25 19:44 - 000000000 ____D C:\Users\Zdenek\AppData\Roaming\dvdcss
2020-02-14 12:46 - 2020-02-14 12:46 - 000000000 __SHD C:\found.014
2020-02-14 12:46 - 2020-02-14 12:46 - 000000000 __SHD C:\found.013

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-14 18:46 - 2019-09-10 15:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-03-14 18:46 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-03-14 17:06 - 2019-09-10 15:21 - 001697322 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-14 17:06 - 2019-03-19 12:55 - 000718044 _____ C:\Windows\system32\perfh005.dat
2020-03-14 17:06 - 2019-03-19 12:55 - 000145622 _____ C:\Windows\system32\perfc005.dat
2020-03-14 17:06 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-03-14 17:05 - 2019-09-14 21:03 - 000000000 ____D C:\Users\Zdenek\AppData\LocalLow\Mozilla
2020-03-14 17:03 - 2019-09-21 22:09 - 000000000 ____D C:\Program Files (x86)\Steam
2020-03-14 17:02 - 2019-09-10 15:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-03-14 17:01 - 2019-09-10 15:18 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-03-14 17:01 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-03-14 16:56 - 2019-09-25 20:19 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-03-14 15:50 - 2019-09-11 08:11 - 000004214 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{AB6E4F56-8BB0-436F-9F06-3F9EF2A02E7D}
2020-03-14 10:01 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2020-03-13 21:24 - 2019-09-28 14:08 - 000000000 ____D C:\Users\Zdenek\AppData\Local\D3DSCache
2020-03-13 19:06 - 2019-09-28 14:20 - 000000000 ____D C:\Users\Zdenek\AppData\Local\cache
2020-03-13 19:06 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-03-13 19:02 - 2019-09-14 21:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-03-13 18:45 - 2019-11-22 19:07 - 000000000 ____D C:\Users\Zdenek\AppData\Local\ElevatedDiagnostics
2020-03-13 10:49 - 2019-09-14 21:03 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-03-13 10:40 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2020-03-11 20:12 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-11 18:05 - 2019-09-20 22:17 - 000004614 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-03-11 18:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-03-11 18:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Macromed
2020-03-11 10:16 - 2019-09-10 15:20 - 000000000 ____D C:\Windows\system32\MRT
2020-03-11 10:15 - 2019-09-10 15:20 - 121542864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-03-09 18:11 - 2019-09-28 16:50 - 000000000 ____D C:\Program Files\AMD
2020-03-09 18:09 - 2019-09-10 15:18 - 000000000 ____D C:\AMD
2020-03-09 18:05 - 2019-09-15 13:41 - 000000000 ____D C:\AdwCleaner
2020-03-06 15:18 - 2019-09-29 16:19 - 000000000 ____D C:\Users\Zdenek\AppData\Roaming\vlc
2020-03-02 17:36 - 2020-01-27 22:44 - 001728528 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-03-02 17:36 - 2020-01-27 22:44 - 000195656 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdihk64.dll
2020-02-28 13:09 - 2019-09-10 15:14 - 000000000 ____D C:\Windows\system32\Drivers\wd
2020-02-27 10:21 - 2019-09-10 15:17 - 000000000 ____D C:\Users\Zdenek\AppData\Local\Packages
2020-02-25 18:02 - 2019-09-10 15:19 - 000003382 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2094399493-2176933488-2306491872-1001
2020-02-25 18:02 - 2019-09-10 15:19 - 000000000 ___RD C:\Users\Zdenek\OneDrive
2020-02-25 18:02 - 2019-09-10 15:17 - 000002370 _____ C:\Users\Zdenek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-02-14 23:55 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SecureBootUpdates

==================== Files in the root of some directories ========

2019-11-09 23:09 - 2020-01-11 21:54 - 042886902 _____ () C:\Users\Zdenek\AppData\Roaming\gta5_patch.bin
2019-11-09 23:09 - 2019-11-09 23:09 - 000332800 _____ () C:\Users\Zdenek\AppData\Roaming\patcher.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by Zdenek (14-03-2020 18:50:31)
Running from C:\Users\Zdenek\Downloads
Windows 10 Home Version 1903 18362.592 (X64) (2019-09-10 14:16:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2094399493-2176933488-2306491872-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2094399493-2176933488-2306491872-503 - Limited - Disabled)
Guest (S-1-5-21-2094399493-2176933488-2306491872-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2094399493-2176933488-2306491872-504 - Limited - Disabled)
Zdenek (S-1-5-21-2094399493-2176933488-2306491872-1001 - Administrator - Enabled) => C:\Users\Zdenek

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 19.02 alpha (x64) (HKLM\...\7-Zip) (Version: 19.02 alpha - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.006.20034 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.344 - Adobe)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISER_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISER_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISER_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.2.2 - Advanced Micro Devices, Inc.)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.2.6.1027 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{ffddf9dd-c47f-453a-92f5-ac6c98af8b5b}) (Version: 10.1.17968.8131 - Intel(R) Corporation)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Mozilla Firefox 74.0 (x64 cs) (HKLM\...\Mozilla Firefox 74.0 (x64 cs)) (Version: 74.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.17.199 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.4.3 - Rockstar Games)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0-2) (Version: 1.0.54.0 - LunarG, Inc.)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.32.4.0_x86__kgqvnymyfvs32 [2020-03-05] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-06] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x64__v10z8vjag6ke6 [2020-02-06] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-09-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-09-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-02-27] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2020-03-05] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-11-30] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-13] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-02-28] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-09-05] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-13] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-07-18 10:16 - 2019-07-18 10:16 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2020-02-28 18:22 - 2020-02-28 18:22 - 001518592 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files\AMD\WVR\OpenVR\bin\win64\driver_amdwvr.dll
2019-09-22 14:28 - 2019-09-05 20:00 - 000076800 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-02-28 18:30 - 2020-02-28 18:30 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 10:16 - 2019-07-18 10:16 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-07-18 10:17 - 2019-07-18 10:17 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-02-28 18:30 - 2020-02-28 18:30 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL
HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6738E0FA-A41D-43B8-8A71-D896AD4C9F8B}] => (Allow) C:\Users\Zdenek\AppData\Local\Temp\7zS3D64\HP.EasyStart.exe No File
FirewallRules: [{839A51C4-C3D7-480F-8665-0A59C0F91F86}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3E30C241-567F-4856-84FC-58D60508A8BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CC7ACFEC-9ED1-4B9C-AC70-62E5CE6D1C6F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{67890A72-7735-4809-962A-01B4118C61F8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{9080BD54-1C3E-4645-866A-9A49DC34E982}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{F34AB77D-C02C-4E15-BD0A-9A07D7D655B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FD5B86C2-D92D-44B1-B4BF-27DD69642826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe No File
FirewallRules: [{4D5126ED-B62A-4DD2-9866-75BD20825BBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe No File
FirewallRules: [{674401BD-3B15-4E6C-BF75-C4410F17599D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe No File
FirewallRules: [{5304CE0A-1B84-4969-82A9-53C5FAC51C31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe No File
FirewallRules: [{888A2384-A341-4E91-BD4D-7B2FE505D090}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe () [File not signed]
FirewallRules: [{424724F6-9A6E-471F-846F-1A008DA3C253}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe () [File not signed]
FirewallRules: [{52578D52-5247-463C-BC22-846BB194BD42}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5F6E7ECC-F4C1-4B40-8238-4D9EEB5D4418}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4671E375-2C8F-4CFE-A2AF-A95ED0975A59}] => (Allow) E:\SteamLibrary\steamapps\common\Mafia II\pc\mafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{1F701585-D0DD-44BA-949C-8467BE136BA0}] => (Allow) E:\SteamLibrary\steamapps\common\Mafia II\pc\mafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [TCP Query User{93FE21DD-B6DF-4DAE-BDA8-8E847E911300}E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [UDP Query User{8FB43080-15A5-4A48-A3C7-72196D35A111}E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{552DBF66-1781-4113-ABAE-1BCF1E3F7891}] => (Block) E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{ACE6FB72-7B09-49D1-9F2B-1B1D8AAA8707}] => (Block) E:\steamlibrary\steamapps\common\grand theft auto v\gta5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{E1A90403-32E0-458D-813C-7864257944B1}] => (Allow) E:\SteamLibrary\steamapps\common\Trainz Railroad Simulator 2019\TRS19.exe (N3V Games Pty Ltd -> N3V Games Pty Ltd)
FirewallRules: [{3B509115-4FDF-42F2-98A4-448CA1054729}] => (Allow) E:\SteamLibrary\steamapps\common\Trainz Railroad Simulator 2019\TRS19.exe (N3V Games Pty Ltd -> N3V Games Pty Ltd)
FirewallRules: [{5FE23600-60BB-4EDC-AE96-93C87F4CD2D2}] => (Allow) E:\SteamLibrary\steamapps\common\Train Sim World\WindowsNoEditor\TS2Prototype.exe () [File not signed]
FirewallRules: [{461C3131-B6FF-46AA-8568-78A59CEFB53E}] => (Allow) E:\SteamLibrary\steamapps\common\Train Sim World\WindowsNoEditor\TS2Prototype.exe () [File not signed]
FirewallRules: [{A5A9B7DE-362D-419E-9443-35AA2B11C82B}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [{BCD3CBF0-3FC9-4F85-A5DA-49477B7F2705}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [TCP Query User{4D10984E-4D97-41E5-B2FD-0BC2E4CB85DF}E:\steamlibrary\steamapps\common\train sim world\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\train sim world\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe (Dovetail Games) [File not signed]
FirewallRules: [UDP Query User{94E22D34-5E30-46D1-88CD-7438818E4C01}E:\steamlibrary\steamapps\common\train sim world\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe] => (Allow) E:\steamlibrary\steamapps\common\train sim world\windowsnoeditor\ts2prototype\binaries\win64\ts2prototype-win64-shipping.exe (Dovetail Games) [File not signed]
FirewallRules: [{BB9389AE-41A8-4BAC-AF5D-061C888AF468}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{1FAD06F0-4593-4300-A6DC-20FC65A578C2}] => (Allow) E:\SteamLibrary\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{2A20FE36-2324-4F0C-A320-24787BCABCEA}] => (Allow) E:\SteamLibrary\steamapps\common\Pro Cycling Manager 2018\PCM64.exe (Focus Home Interactive -> Cyanide)
FirewallRules: [{580EB9D5-F817-461B-83CF-62289E070C12}] => (Allow) E:\SteamLibrary\steamapps\common\Pro Cycling Manager 2018\PCM64.exe (Focus Home Interactive -> Cyanide)
FirewallRules: [{85C15DC4-8EC7-4644-B492-3EFCC082E391}] => (Allow) E:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{9F135961-E329-4E21-9F4C-3ABF0595EB04}] => (Allow) E:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe () [File not signed]
FirewallRules: [{E4AF02B5-80AF-4723-A84E-F775C6349CC8}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{2C0DE47E-2183-406E-9D5A-FAA8164BE006}] => (Allow) E:\SteamLibrary\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )

==================== Restore Points =========================

26-02-2020 08:20:59 Windows Update
29-02-2020 09:05:12 Windows Update
03-03-2020 17:14:20 Windows Update
07-03-2020 13:18:18 Windows Update
09-03-2020 18:10:19 Radeon Installer
13-03-2020 10:42:21 Windows Update

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/14/2020 03:15:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: fontdrvhost.exe, verze: 10.0.18362.535, časové razítko: 0x68de632b
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.418, časové razítko: 0x99ca0526
Kód výjimky: 0xc000041d
Posun chyby: 0x000000000009fe0b
ID chybujícího procesu: 0x910
Čas spuštění chybující aplikace: 0x01d5fa0b0141df31
Cesta k chybující aplikaci: C:\Windows\system32\fontdrvhost.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 0ce4bed6-f945-4a1d-9af3-cb3314c560fb
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2020 03:15:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: fontdrvhost.exe, verze: 10.0.18362.535, časové razítko: 0x68de632b
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.418, časové razítko: 0x99ca0526
Kód výjimky: 0xc000041d
Posun chyby: 0x000000000009fe0b
ID chybujícího procesu: 0x24c
Čas spuštění chybující aplikace: 0x01d5fa0b014138db
Cesta k chybující aplikaci: C:\Windows\system32\fontdrvhost.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 61248c8e-296e-43d4-b51e-2797e6e03b71
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2020 03:15:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: fontdrvhost.exe, verze: 10.0.18362.535, časové razítko: 0x68de632b
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.418, časové razítko: 0x99ca0526
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000009fe0b
ID chybujícího procesu: 0x910
Čas spuštění chybující aplikace: 0x01d5fa0b0141df31
Cesta k chybující aplikaci: C:\Windows\system32\fontdrvhost.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 4e212117-5c27-4c2b-a96e-63124534c631
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2020 03:15:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: fontdrvhost.exe, verze: 10.0.18362.535, časové razítko: 0x68de632b
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.418, časové razítko: 0x99ca0526
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000009fe0b
ID chybujícího procesu: 0x24c
Čas spuštění chybující aplikace: 0x01d5fa0b014138db
Cesta k chybující aplikaci: C:\Windows\system32\fontdrvhost.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 765b1c2b-a66e-4237-9428-9330c638f72a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2020 10:01:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wuauclt.exe, verze: 10.0.18362.449, časové razítko: 0xb8640219
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.418, časové razítko: 0x99ca0526
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000072a6
ID chybujícího procesu: 0x1100
Čas spuštění chybující aplikace: 0x01d5f9def4d847b3
Cesta k chybující aplikaci: C:\Windows\system32\wuauclt.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 5d012cfa-4720-425a-85f8-fe208798e93f
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/13/2020 10:44:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wuauclt.exe, verze: 10.0.18362.449, časové razítko: 0xb8640219
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.418, časové razítko: 0x99ca0526
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000072a6
ID chybujícího procesu: 0x4b8
Čas spuštění chybující aplikace: 0x01d5f91bb4fed88f
Cesta k chybující aplikaci: C:\Windows\system32\wuauclt.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 91701172-1ced-4159-9d0f-487c01f470aa
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/12/2020 06:38:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TransportFever2.exe, verze: 0.0.0.0, časové razítko: 0x5e679fd1
Název chybujícího modulu: TransportFever2.exe, verze: 0.0.0.0, časové razítko: 0x5e679fd1
Kód výjimky: 0x80000003
Posun chyby: 0x00000000022c23b7
ID chybujícího procesu: 0x1fd4
Čas spuštění chybující aplikace: 0x01d5f8820c8b022d
Cesta k chybující aplikaci: E:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe
Cesta k chybujícímu modulu: E:\SteamLibrary\steamapps\common\Transport Fever 2\TransportFever2.exe
ID zprávy: ea84f8cf-524a-4687-86f2-b0da3e7050f6
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/11/2020 10:15:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wuauclt.exe, verze: 10.0.18362.449, časové razítko: 0xb8640219
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.418, časové razítko: 0x99ca0526
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000072a6
ID chybujícího procesu: 0x1b7c
Čas spuštění chybující aplikace: 0x01d5f7855bd04504
Cesta k chybující aplikaci: C:\Windows\system32\wuauclt.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 3a9e981a-eb46-4134-ad0d-939261d6e003
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (03/14/2020 05:01:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Dynamic Application Loader Host Interface Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/14/2020 05:01:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/14/2020 05:01:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba AMD External Events Utility byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/14/2020 05:01:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Realtek Audio Universal Service byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (03/14/2020 10:01:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073712): 2020-02, kumulativní aktualizace pro .NET Framework 3.5 a 4.8 pro Windows 10 Version 1903 pro x64 (KB4537572).

Error: (03/14/2020 10:01:40 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x800f0831): 2020-03 Kumulativní aktualizace pro Windows 10 Version 1903 pro systémy typu x64 (KB4551762).

Error: (03/14/2020 09:43:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (22:29:12, ‎13.‎03.‎2020) bylo neočekávané.

Error: (03/14/2020 09:43:32 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684Při zpracování obnovovacích dat došlo k závažné chybě.


Windows Defender:
===================================
Date: 2020-01-29 22:33:24.059
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {56F9C34B-31F3-4D38-873B-1B47B4A1532F}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-01-29 21:58:44.139
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {76F34787-5189-4FD2-A72B-43D7E374B0E4}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-01-29 20:55:35.736
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {D244BED7-3C3B-4233-9EDC-ACE4CEDAE10A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-01-23 17:34:07.743
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {95030AC4-A73B-49DE-9F5B-4AA3C44B60D6}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-01-23 16:36:39.966
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {A70DFFED-0A1B-492A-AFF6-1A70F7811FDB}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-02-10 14:00:40.971
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2020-02-10 13:54:10.956
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

Date: 2020-02-10 12:56:13.809
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Windows Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Při přístupu
Kód chyby: 0x8007043c
Popis chyby: Tuto službu nelze spustit v nouzovém režimu.
Důvod: Antimalwarové bezpečnostní informace přestaly z neznámých důvodů fungovat. V některých případech se tento problém dá vyřešit restartováním služby.

CodeIntegrity:
===================================

Date: 2019-11-02 10:49:06.688
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-11-01 16:12:20.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-10-31 17:17:18.198
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-10-30 20:57:17.286
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-10-29 19:53:41.768
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-10-27 15:38:24.500
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-10-26 08:31:18.160
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

Date: 2019-10-25 16:57:36.809
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F2 03/13/2019
Motherboard: Gigabyte Technology Co., Ltd. B365M D2V
Processor: Intel(R) Core(TM) i3-9100F CPU @ 3.60GHz
Percentage of memory in use: 37%
Total physical RAM: 8136.34 MB
Available physical RAM: 5106.26 MB
Total Virtual: 19912.34 MB
Available Virtual: 13722.27 MB

==================== Drives ================================

Drive c: (os) (Fixed) (Total:222.94 GB) (Free:106.75 GB) NTFS
Drive e: (data) (Fixed) (Total:931.51 GB) (Free:590.91 GB) NTFS

\\?\Volume{5a34f58a-233b-42fc-8047-8b44afbb6107}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.14 GB) NTFS
\\?\Volume{a58227cc-4fd7-4b99-b674-2ac4825597be}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\...\MountPoints2: {af5f6a3a-d3dd-11e9-8899-806e6f6e6963} - "D:\Run.exe"
SearchScopes: HKU\S-1-5-21-2094399493-2176933488-2306491872-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{6738E0FA-A41D-43B8-8A71-D896AD4C9F8B}] => (Allow) C:\Users\Zdenek\AppData\Local\Temp\7zS3D64\HP.EasyStart.exe No File
FirewallRules: [{9080BD54-1C3E-4645-866A-9A49DC34E982}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{F34AB77D-C02C-4E15-BD0A-9A07D7D655B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FD5B86C2-D92D-44B1-B4BF-27DD69642826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe No File
FirewallRules: [{4D5126ED-B62A-4DD2-9866-75BD20825BBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe No File
FirewallRules: [{674401BD-3B15-4E6C-BF75-C4410F17599D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe No File
FirewallRules: [{5304CE0A-1B84-4969-82A9-53C5FAC51C31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe No File

EmptyTemp:
End

Uložte do C:\Users\Zdenek\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[kristian1154]

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by Zdenek (14-03-2020 22:32:03) Run:1
Running from C:\Users\Zdenek\Downloads
Loaded Profiles: Zdenek (Available Profiles: Zdenek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\...\MountPoints2: {af5f6a3a-d3dd-11e9-8899-806e6f6e6963} - "D:\Run.exe"
SearchScopes: HKU\S-1-5-21-2094399493-2176933488-2306491872-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [{6738E0FA-A41D-43B8-8A71-D896AD4C9F8B}] => (Allow) C:\Users\Zdenek\AppData\Local\Temp\7zS3D64\HP.EasyStart.exe No File
FirewallRules: [{9080BD54-1C3E-4645-866A-9A49DC34E982}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{F34AB77D-C02C-4E15-BD0A-9A07D7D655B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{FD5B86C2-D92D-44B1-B4BF-27DD69642826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe No File
FirewallRules: [{4D5126ED-B62A-4DD2-9866-75BD20825BBA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks.exe No File
FirewallRules: [{674401BD-3B15-4E6C-BF75-C4410F17599D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe No File
FirewallRules: [{5304CE0A-1B84-4969-82A9-53C5FAC51C31}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RailWorks\RailWorks64.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af5f6a3a-d3dd-11e9-8899-806e6f6e6963} => removed successfully
"HKU\S-1-5-21-2094399493-2176933488-2306491872-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6738E0FA-A41D-43B8-8A71-D896AD4C9F8B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9080BD54-1C3E-4645-866A-9A49DC34E982}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F34AB77D-C02C-4E15-BD0A-9A07D7D655B0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD5B86C2-D92D-44B1-B4BF-27DD69642826}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4D5126ED-B62A-4DD2-9866-75BD20825BBA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{674401BD-3B15-4E6C-BF75-C4410F17599D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5304CE0A-1B84-4969-82A9-53C5FAC51C31}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20713521 B
Java, Flash, Steam htmlcache => 517279483 B
Windows/system/drivers => 1400102 B
Edge => 39502 B
Chrome => 0 B
Firefox => 21177855 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 366220 B
Zdenek => 8515042 B

RecycleBin => 0 B
EmptyTemp: => 550.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:32:20 ====

[Rudy]

Smazáno. Nastala nějaká změna?

[kristian1154]

Bohužel, aktualizace Windows se zase stáhly, ale instalace selhala (chyba 80073712, 800f0831)

[Rudy]

Pravděpodobně jde o chybu systému. Po virové stránce je PC v pořádku. Zkuste to podle návodu: https://support.microsoft.com/cs-cz/hel ... 4Windows10 .

[kristian1154]

Tak zatím děkuji, budu zkoušet další možnosti.

[Rudy]

Zatím nemáte zač!