Malware - Černá obrazovka s příkazovým řádkem

[zsrn01]

Dobrý den, podařilo sen nám na PC nainstalovat malware. Po spuštění a nabootování do windows se objeví pouze černá obrazovka s příkazovým řádkem.

Po vepsání explorer.exe se nám podařilo dostat na plochu a tak posíláme log. Odinstalace nedávných aplikací nepomohla. Bod obnovy nemáme. Dělá to pořád.

Děkuji za odpovědi

Zde posílám logy z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-02-2020 02
Ran by Ryzen (administrator) on DESKTOP-EJUV2JR (Gigabyte Technology Co., Ltd. A320M-H) (09-02-2020 09:10:29)
Running from C:\Users\Ryzen\Downloads
Loaded Profiles: Ryzen (Available Profiles: Ryzen)
Platform: Windows 10 Pro Version 1909 18363.535 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0348909.inf_amd64_41506e54d87e685a\B349181\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0348909.inf_amd64_41506e54d87e685a\B349181\atiesrxx.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2414456 2020-02-06] (Wargaming.net Limited -> Wargaming.net)
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\Installer\chrmstp.exe [2020-01-23] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2019-12-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0319E1E1-518E-424F-9C3D-B98F5BDCC367} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-12-09] (Google Inc -> Google Inc.)
Task: {0AD4EAF5-B386-4805-A889-31F8B000FB67} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-11-27] (Advanced Micro Devices, Inc.) [File not signed]
Task: {0CDD3041-F816-41CF-B3DB-83AD81197F15} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [891576 2019-11-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {6172FA0E-B5BA-42DF-84E1-B82186987EBD} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-11-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7F80E493-FF8F-45CD-8014-2B77179A8BB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-12-09] (Google Inc -> Google Inc.)
Task: {B9506999-0495-4450-80CB-5C69B19396E4} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-11-27] (Advanced Micro Devices, Inc.) [File not signed]
Task: {C5B1DB01-D0BF-470A-8148-BD1A6EEE4D77} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [770344 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {DD66A8E0-66FE-4D91-B1DA-47F16C6A0242} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-11-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {DE21B520-7730-4C79-A95F-AE887B060C6E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1240656 2019-09-10] (Adobe Inc. -> Adobe Systems)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{83ebfb9a-74df-4814-ba7e-9e7bf76b559c}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{d575157b-b5f7-4fd1-9e88-39ca2c891fb5}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================

Edge:
======
DownloadDir: C:\Users\Ryzen\Downloads

FireFox:
========
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-12-17] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-01-05]
CHR Profile: C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1 [2020-02-09]
CHR Notifications: Profile 1 -> hxxps://www.reddit.com
CHR HomePage: Profile 1 -> hxxp://www.seznam.cz/
CHR StartupUrls: Profile 1 -> "hxxp://www.seznam.cz/"
CHR Extension: (Prezentace) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-09]
CHR Extension: (Dokumenty) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-09]
CHR Extension: (Disk Google) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-09]
CHR Extension: (YouTube) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-09]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-12-30]
CHR Extension: (Tabulky) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-15]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-09]
CHR Extension: (Gmail) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-12-09]
CHR Extension: (Chrome Media Router) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-17]
CHR Profile: C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-12-10]
CHR Extension: (Prezentace) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-10]
CHR Extension: (Dokumenty) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-10]
CHR Extension: (Disk Google) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-12-10]
CHR Extension: (YouTube) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-10]
CHR Extension: (Tabulky) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-10]
CHR Extension: (Dokumenty Google offline) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-12-10]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-10]
CHR Extension: (Gmail) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-12-10]
CHR Extension: (Chrome Media Router) - C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-12-10]
CHR Profile: C:\Users\Ryzen\AppData\Local\Google\Chrome\User Data\System Profile [2019-12-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\u0348909.inf_amd64_41506e54d87e685a\B349181\atiesrxx.exe [509144 2019-12-02] (Advanced Micro Devices, Inc. -> AMD)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioUniversalService; C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5796168 2019-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2019-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [46040 2019-10-30] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24528 2019-04-18] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\u0348909.inf_amd64_41506e54d87e685a\B349181\atikmdag.sys [60671704 2019-12-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\u0348909.inf_amd64_41506e54d87e685a\B349181\atikmpag.sys [598232 2019-12-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [103664 2019-12-02] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [32520 2019-09-17] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [138064 2019-06-27] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [136040 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-18] (Hewlett-Packard Company -> Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1167768 2019-11-20] (Realtek Semiconductor Corp. -> Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [8206848 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166760 2019-09-26] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45664 2019-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [355760 2019-12-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [54192 2019-12-09] (Microsoft Windows -> Microsoft Corporation)
S3 atillk64; \??\E:\AAAAA\atiflash\atiflash_293\atillk64.sys [X]
U1 avgbdisk; no ImagePath
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-09 09:10 - 2020-02-09 09:11 - 000017806 _____ C:\Users\Ryzen\Downloads\FRST.txt
2020-02-09 09:10 - 2020-02-09 09:10 - 000000000 ____D C:\FRST
2020-02-09 09:09 - 2020-02-09 09:09 - 002279424 _____ (Farbar) C:\Users\Ryzen\Downloads\FRST64.exe
2020-02-09 08:47 - 2020-02-09 08:51 - 000000000 _____ C:\Recovery.txt
2020-02-09 07:23 - 2020-02-09 07:23 - 000201954 _____ C:\Windows\ntbtlog.txt
2020-02-09 07:17 - 2020-02-09 07:18 - 000884452 _____ C:\Windows\Minidump\020920-12031-01.dmp
2020-02-09 07:12 - 2020-02-09 07:12 - 000000000 ___HD C:\$SysReset
2020-02-08 13:36 - 2020-02-08 13:36 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\Mikrotik
2020-02-08 10:28 - 2020-02-08 10:28 - 000000000 ____D C:\Windows\system32\Tasks\S-1-5-21-1713079870-971874244-2607177079-1001
2020-02-05 18:06 - 2020-02-05 18:06 - 000000000 ____D C:\Users\Ryzen\Documents\Realtime Landscaping Architect 2
2020-02-05 18:05 - 2013-01-26 16:07 - 000000000 ____D C:\Users\Ryzen\Desktop\Realtime Landscaping Architect 2
2020-02-05 18:03 - 2020-02-05 10:05 - 1770538070 _____ C:\Users\Ryzen\Desktop\Realtime Landscaping Architect 2.rar
2020-02-03 06:30 - 2020-02-03 06:30 - 000000210 _____ C:\Users\Ryzen\Downloads\orders-2020003.csv
2020-01-31 17:50 - 2020-02-08 21:05 - 000000000 ____D C:\Windows\system32\Tasks\AVAST Software
2020-01-29 21:49 - 2020-02-09 09:06 - 000000000 ____D C:\Users\Ryzen\AppData\Local\Avg
2020-01-29 21:47 - 2020-02-09 09:06 - 000000000 ____D C:\ProgramData\AVG
2020-01-27 19:45 - 2020-01-27 19:45 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2020-01-27 19:45 - 2019-09-26 04:44 - 000166760 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2020-01-27 19:45 - 2019-09-26 04:43 - 000136040 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus.sys
2020-01-25 17:13 - 2020-01-25 17:53 - 444025740 _____ C:\Users\Ryzen\Downloads\Sedmilhářky-S02E02-CZ-dabing.avi
2020-01-23 19:32 - 2020-01-23 20:55 - 919276800 _____ C:\Users\Ryzen\Downloads\Sedmilhářky_S02E01_CZ_1080.mkv
2020-01-21 21:35 - 2020-01-21 21:35 - 000000059 _____ C:\Users\Ryzen\Downloads\orders-2020002.csv
2020-01-21 19:25 - 2020-01-21 19:25 - 000296829 _____ C:\Users\Ryzen\Downloads\ŘEŠENÍ MAJETKOPRÁVNÍHO VYPOŘÁDÁNÍ v 21022020.pdf
2020-01-20 17:23 - 2020-01-20 19:04 - 1115731344 _____ C:\Users\Ryzen\Downloads\Joker (2019)Cz Dabing.avi
2020-01-15 17:20 - 2019-12-10 06:15 - 000492544 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-01-15 17:20 - 2019-12-10 05:59 - 000390656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-01-11 13:02 - 2020-01-11 13:02 - 000000768 _____ C:\Users\Ryzen\Desktop\MAFIA II .lnk
2020-01-11 12:09 - 2020-01-11 12:09 - 000038154 _____ C:\Users\Ryzen\Downloads\Mafia 2 - Special Extended Edition CZ.torrent
2020-01-11 09:44 - 2020-01-11 09:44 - 000000000 ____D C:\Users\Ryzen\AppData\Local\SKIDROW
2020-01-11 09:43 - 2020-01-11 09:43 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-01-11 09:43 - 2020-01-11 09:43 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2020-01-10 21:05 - 2020-01-10 21:05 - 000000000 ____D C:\Users\Ryzen\AppData\Local\2K Games
2020-01-10 20:17 - 2020-02-08 20:30 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\uTorrent
2020-01-10 20:17 - 2020-01-10 20:17 - 000000995 _____ C:\Users\Ryzen\Desktop\µTorrent.lnk
2020-01-10 20:17 - 2020-01-10 20:17 - 000000000 ____D C:\Users\Ryzen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent
2020-01-10 20:14 - 2020-01-10 20:14 - 002340456 _____ (emc) C:\Users\Ryzen\Downloads\uTorrent313.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-02-09 09:10 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-02-09 09:08 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-02-09 09:06 - 2019-12-04 20:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-09 09:06 - 2019-12-04 14:28 - 000003112 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-02-09 09:05 - 2019-12-04 21:41 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-02-09 09:05 - 2019-12-04 21:00 - 000000000 ____D C:\Users\Ryzen
2020-02-09 09:05 - 2019-12-04 20:59 - 001606106 _____ C:\Windows\system32\PerfStringBackup.INI
2020-02-09 09:05 - 2019-12-04 15:13 - 000003142 _____ C:\Windows\system32\Tasks\MSIAfterburner
2020-02-09 09:05 - 2019-03-19 12:57 - 000682526 _____ C:\Windows\system32\perfh005.dat
2020-02-09 09:05 - 2019-03-19 12:57 - 000137244 _____ C:\Windows\system32\perfc005.dat
2020-02-09 09:05 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-02-09 09:04 - 2019-12-04 21:00 - 000000000 ____D C:\Users\Ryzen\AppData\Local\Packages
2020-02-09 09:04 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-02-09 09:04 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2020-02-09 09:01 - 2019-12-04 21:41 - 000000000 ____D C:\Users\Ryzen\AppData\Local\D3DSCache
2020-02-09 09:00 - 2019-12-04 20:52 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-02-09 07:27 - 2020-01-01 19:01 - 000004210 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{4FBA26E0-44E6-469C-8F4C-8DB41451C102}
2020-02-09 07:19 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2020-02-09 07:18 - 2019-12-04 20:52 - 004965216 _____ C:\Windows\system32\FNTCACHE.DAT
2020-02-09 07:17 - 2019-12-04 20:55 - 000000000 ____D C:\Windows\minidump
2020-02-09 07:14 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\UNP
2020-02-09 07:14 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2020-02-09 07:14 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellExperiences
2020-02-09 07:14 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\bcastdvr
2020-02-09 07:01 - 2019-12-09 09:46 - 000000000 ____D C:\ProgramData\AVAST Software
2020-02-08 21:05 - 2020-01-05 08:34 - 000003482 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-02-08 21:05 - 2019-12-09 09:48 - 000003402 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-02-08 21:05 - 2019-12-09 09:48 - 000003178 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-02-08 21:05 - 2019-12-04 21:02 - 000002858 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1713079870-971874244-2607177079-1001
2020-02-08 21:05 - 2019-12-04 14:28 - 000002638 _____ C:\Windows\system32\Tasks\AMD ThankingURL
2020-02-08 21:05 - 2019-12-04 14:28 - 000002388 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2020-02-08 21:05 - 2019-12-04 14:28 - 000002202 _____ C:\Windows\system32\Tasks\StartCN
2020-02-08 21:05 - 2019-12-04 14:28 - 000002122 _____ C:\Windows\system32\Tasks\StartDVR
2020-02-08 20:30 - 2019-12-27 15:55 - 000000000 ____D C:\Users\Ryzen\AppData\Local\CrashDumps
2020-02-08 14:32 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\NDF
2020-01-29 21:48 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-01-29 16:51 - 2019-12-04 14:27 - 000000000 ____D C:\ProgramData\Package Cache
2020-01-23 18:25 - 2019-12-09 09:48 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-01-21 19:27 - 2019-12-04 21:02 - 000000000 ___RD C:\Users\Ryzen\OneDrive
2020-01-21 19:27 - 2019-12-04 21:00 - 000002361 _____ C:\Users\Ryzen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-01-15 17:30 - 2019-12-04 14:25 - 000000000 ____D C:\Windows\system32\MRT
2020-01-15 17:28 - 2019-12-04 14:25 - 120202352 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-01-11 09:43 - 2019-12-04 14:46 - 000000000 ____D C:\Windows\SysWOW64\directx

==================== Files in the root of some directories ========

2019-12-14 20:24 - 2019-12-14 20:24 - 000000274 _____ () C:\ProgramData\fontcacheev1.dat

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by Ryzen (09-02-2020 09:12:34)
Running from C:\Users\Ryzen\Downloads
Windows 10 Pro Version 1909 18363.535 (X64) (2019-12-04 19:55:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1713079870-971874244-2607177079-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1713079870-971874244-2607177079-503 - Limited - Disabled)
Guest (S-1-5-21-1713079870-971874244-2607177079-501 - Limited - Disabled)
Ryzen (S-1-5-21-1713079870-971874244-2607177079-1001 - Administrator - Enabled) => C:\Users\Ryzen
WDAGUtilityAccount (S-1-5-21-1713079870-971874244-2607177079-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20061 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.12.1 - Advanced Micro Devices, Inc.)
Assassin's Creed Odyssey (HKLM-x32\...\{B7EC622B-1979-450E-8281-C5648506DB83}_is1) (Version: - Ubisoft)
B109a-m (HKLM-x32\...\{9E842662-DDD0-458E-B7E3-0448CC957633}) (Version: 140.0.851.000 - Hewlett-Packard) Hidden
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 79.0.3945.130 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{5AEA9B93-6C6A-4A0F-B2FA-BD8AA4C59B80}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
MSI Afterburner 4.6.0 (HKLM-x32\...\Afterburner) (Version: 4.6.0 - MSI Co., LTD)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PS_AIO_06_B109a-m_SW_Min (HKLM-x32\...\{B3F8AEEE-3768-4DB2-8A7F-3037797575E4}) (Version: 140.0.863.000 - Hewlett-Packard) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Wargaming.net Game Center (HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Wargaming.net Game Center) (Version: 19.9.1.8579 - Wargaming.net)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

Packages:
=========
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.30.3.0_x86__kgqvnymyfvs32 [2020-02-07] (king.com)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-14] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_110.1.671.0_x64__v10z8vjag6ke6 [2020-02-06] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-10] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-12] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-18] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.3.180.0_x64__dt26b99r8h8gj [2019-12-04] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0 [2020-01-30] (Spotify AB) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-11-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ryzen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Zuzana - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) =============

2019-03-05 15:06 - 2019-03-05 15:06 - 000232448 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2019-03-05 15:06 - 2019-03-05 15:06 - 000057344 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2019-03-05 15:07 - 2019-03-05 15:07 - 000642048 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2019-03-05 15:06 - 2019-03-05 15:06 - 000072704 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2019-03-05 15:06 - 2019-03-05 15:06 - 000364544 _____ () [File not signed] C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2019-01-08 11:40 - 2019-01-08 11:40 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-11-26 19:53 - 2019-11-26 19:53 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 11:39 - 2019-01-08 11:39 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-01-08 11:40 - 2019-01-08 11:40 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-08 11:40 - 2019-01-08 11:40 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-08 11:40 - 2019-01-08 11:40 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-01-08 11:40 - 2019-01-08 11:40 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-08 11:40 - 2019-01-08 11:40 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-01-08 11:40 - 2019-01-08 11:40 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-08 11:40 - 2019-01-08 11:40 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\Control Panel\Desktop\\Wallpaper -> d:\fotky\letní rodinné focení\dsc_2314 upr.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\StartupApproved\Run: => "Wargaming.net Game Center"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AA129951-5BDB-4BE6-9594-951A7E453192}E:\hry nainstalovane\grand theft auto v\gta5.exe] => (Block) E:\hry nainstalovane\grand theft auto v\gta5.exe No File
FirewallRules: [UDP Query User{5C94A976-F2C7-4181-B7D2-749D60FD8EE4}E:\hry nainstalovane\grand theft auto v\gta5.exe] => (Block) E:\hry nainstalovane\grand theft auto v\gta5.exe No File
FirewallRules: [TCP Query User{CC4226F3-A509-4ABD-8621-BF66C776F10F}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{AABDF273-754B-4566-9E21-EFA63D5810C3}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{5EF71796-AB1B-43F4-8A2B-B633FE6213BE}D:\games\world_of_tanks_eu\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [UDP Query User{6BE20E8B-86B7-43BB-B35C-BB21317987F3}D:\games\world_of_tanks_eu\win32\worldoftanks.exe] => (Allow) D:\games\world_of_tanks_eu\win32\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{F15E90D5-8E49-40DB-9936-27C9586B5F86}C:\users\ryzen\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ryzen\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{3244A8E0-C25E-498A-8A41-A318938502B7}C:\users\ryzen\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\ryzen\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{A6B440D1-FFC9-4D9F-A6AD-0E2872BA43C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{AE78BA8B-8F5F-4278-89CC-7BA1F8355BEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4E920A4C-404C-4309-BFBB-F4F276CA72A3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7F3D9570-DE95-4BC2-BE49-3D527FE68100}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F685EE82-D9F8-4788-A3C9-64091655EE63}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B1B6CF6A-A049-4947-82D9-52576ED9FD22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E70BF8C3-61B4-4919-B676-546387F62C31}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CD599B72-6CF1-48F1-902D-ED3ADC0FBADA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1B0EE30A-C184-41D3-A5CD-82C9EB8735DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.125.559.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{D6D9B675-2BE7-4E63-8691-5E5777CD43BC}C:\users\ryzen\downloads\winbox64.exe] => (Allow) C:\users\ryzen\downloads\winbox64.exe No File
FirewallRules: [UDP Query User{E56250EE-7453-45FA-839B-72BD5CF5E1C6}C:\users\ryzen\downloads\winbox64.exe] => (Allow) C:\users\ryzen\downloads\winbox64.exe No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:111.16 GB) (Free:44.45 GB) (40%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (02/08/2020 08:30:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 3.1.3.26837, časové razítko: 0x4f5934c0
Název chybujícího modulu: GDI32.dll, verze: 10.0.18362.1, časové razítko: 0x527faf7f
Kód výjimky: 0xc000041d
Posun chyby: 0x00004647
ID chybujícího procesu: 0x1c70
Čas spuštění chybující aplikace: 0x01d5de9d8b825b66
Cesta k chybující aplikaci: C:\Users\Ryzen\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\Windows\System32\GDI32.dll
ID zprávy: a3028220-8a6c-40f4-805e-1b7081f2f938
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/08/2020 02:53:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_WpnUserService, verze: 10.0.18362.1, časové razítko: 0x32d6c210
Název chybujícího modulu: combase.dll, verze: 10.0.18362.449, časové razítko: 0xac52ea46
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000000d7a3
ID chybujícího procesu: 0xf60
Čas spuštění chybující aplikace: 0x01d5de871e1b551e
Cesta k chybující aplikaci: C:\Windows\system32\svchost.exe
Cesta k chybujícímu modulu: C:\Windows\System32\combase.dll
ID zprávy: 6b98ae71-0e0a-4ba7-9eb8-918c81c2897a
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (02/07/2020 06:59:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: GameBarFTServer.exe, verze: 3.37.2001.29002, časové razítko: 0x5e3195df
Název chybujícího modulu: ntdll.dll, verze: 10.0.18362.418, časové razítko: 0x99ca0526
Kód výjimky: 0xc0000374
Posun chyby: 0x00000000000f9269
ID chybujícího procesu: 0x123c
Čas spuštění chybující aplikace: 0x01d5dde046957333
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.37.29002.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
Cesta k chybujícímu modulu: C:\Windows\SYSTEM32\ntdll.dll
ID zprávy: 0e23ff13-fba4-457c-8600-408dec09ad57
Úplný název chybujícího balíčku: Microsoft.XboxGamingOverlay_3.37.29002.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: App

Error: (02/06/2020 06:41:11 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: Velikost požadované vyrovnávací paměti je větší než velikost vyrovnávací paměti předané do funkce Collect knihovny DLL rozšiřitelných čítačů C:\Windows\System32\perfts.dll pro službu LSM. Velikost dané vyrovnávací paměti: 28880; požadovaná velikost: 31936.

Error: (02/05/2020 06:06:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Generování kontextu aktivace pro C:\Users\Ryzen\Desktop\Realtime Landscaping Architect 2\ProbRpt.exe se nezdařilo. Chyba v souboru manifestu nebo zásad na řádku .
Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která je již aktivní.
Konfliktní součásti:
Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.592_none_2e6de868278ee708.manifest.
Součást 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.18362.592_none_e6c0b1911312be02.manifest.

Error: (01/27/2020 05:15:12 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: Velikost požadované vyrovnávací paměti je větší než velikost vyrovnávací paměti předané do funkce Collect knihovny DLL rozšiřitelných čítačů C:\Windows\System32\perfts.dll pro službu LSM. Velikost dané vyrovnávací paměti: 30024; požadovaná velikost: 31016.

Error: (01/15/2020 05:30:34 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: Velikost požadované vyrovnávací paměti je větší než velikost vyrovnávací paměti předané do funkce Collect knihovny DLL rozšiřitelných čítačů C:\Windows\System32\perfts.dll pro službu LSM. Velikost dané vyrovnávací paměti: 30784; požadovaná velikost: 30832.

Error: (01/11/2020 01:09:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 3.1.3.26837, časové razítko: 0x4f5934c0
Název chybujícího modulu: GDI32.dll, verze: 10.0.18362.1, časové razítko: 0x527faf7f
Kód výjimky: 0xc000041d
Posun chyby: 0x00004647
ID chybujícího procesu: 0x24f4
Čas spuštění chybující aplikace: 0x01d5c86f3500cf0e
Cesta k chybující aplikaci: C:\Users\Ryzen\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\Windows\System32\GDI32.dll
ID zprávy: 40bcd16f-d0fa-4dc4-8707-d96e73ee4263
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (02/09/2020 09:00:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (8:52:33, ‎09.‎02.‎2020) bylo neočekávané.

Error: (02/09/2020 08:44:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (7:23:35, ‎09.‎02.‎2020) bylo neočekávané.

Error: (02/09/2020 07:23:05 AM) (Source: DCOM) (EventID: 10005) (User: Window Manager)
Description: Služba DCOM zjistila chybu 1084 při pokusu o spuštění služby DispBrokerDesktopSvc s argumenty Není k dispozici za účelem spuštění serveru:
DispBrokerDesktop.GlobalBrokerInstance

Error: (02/09/2020 07:23:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba iphlpsvc závisí na službě WinHttpAutoProxySvc, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (02/09/2020 07:23:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NlaSvc závisí na službě Dhcp, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (02/09/2020 07:23:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba WinHttpAutoProxySvc závisí na službě Dhcp, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (02/09/2020 07:23:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba LanmanWorkstation závisí na službě nsi, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.

Error: (02/09/2020 07:23:05 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba WlanSvc závisí na službě Wcmsvc, která neuspěla při spuštění v důsledku následující chyby:
Nepodařilo se zahájit závislou službu nebo skupinu.


Windows Defender:
===================================
Date: 2019-12-09 07:47:43.338
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {55B3094B-CAD6-4B0F-9F13-B909E069A166}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-12-08 17:48:11.638
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {717E9DBE-489B-4839-A9D0-3D62CEFE9890}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-12-09 08:08:33.849
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2019-12-09 08:08:33.849
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2019-12-09 08:08:33.849
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2019-12-09 08:08:33.842
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

Date: 2019-12-09 08:08:33.842
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.305.3332.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16500.1
Kód chyby: 0x80072ee7
Popis chyby: Nelze rozpoznat název nebo adresu serveru.

CodeIntegrity:
===================================

Date: 2020-02-09 09:05:31.031
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-09 09:05:28.824
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-09 09:05:00.310
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-09 09:04:59.737
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-02-09 09:02:54.935
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-02-09 09:02:54.930
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-02-09 09:02:54.904
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2020-02-09 09:02:06.964
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F42 08/23/2019
Motherboard: Gigabyte Technology Co., Ltd. A320M-H-CF
Processor: AMD Ryzen 5 1400 Quad-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 16332.76 MB
Available physical RAM: 12942.81 MB
Total Virtual: 18764.76 MB
Available Virtual: 12274.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.16 GB) (Free:44.45 GB) NTFS
Drive d: (HDD) (Fixed) (Total:931.51 GB) (Free:583.81 GB) NTFS

\\?\Volume{fdf472a0-d83a-4a1d-b6cf-bac57678ffae}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{68619087-0b90-439d-b7fb-8bb606c67c50}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

[Rudy]

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

[zsrn01]

Dobrý den, děkuji za odpověď. Když provedu scanování a základní opravu tak to píše, že detekovaných 0 a tváří se, že je vše v pořádku. Bohužel ale stále při spouštění Windows 10 naskočí příkazový řádek. Předem děkuji za radu.
Log posílám:
# -------------------------------
# Malwarebytes AdwCleaner 8.0.2.0
# -------------------------------
# Build: 01-27-2020
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-09-2020
# Duration: 00:00:14
# OS: Windows 10 Pro
# Scanned: 34824
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1405 octets] - [09/02/2020 11:39:04]
AdwCleaner[C00].txt - [1595 octets] - [09/02/2020 11:39:58]
AdwCleaner[S01].txt - [1527 octets] - [09/02/2020 11:42:01]
AdwCleaner[S02].txt - [1588 octets] - [09/02/2020 11:42:23]
AdwCleaner[C02].txt - [1778 octets] - [09/02/2020 11:42:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########

[Rudy]

Toto je OK.
Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0319E1E1-518E-424F-9C3D-B98F5BDCC367} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-12-09] (Google Inc -> Google Inc.)
Task: {7F80E493-FF8F-45CD-8014-2B77179A8BB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-12-09] (Google Inc -> Google Inc.)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [TCP Query User{AA129951-5BDB-4BE6-9594-951A7E453192}E:\hry nainstalovane\grand theft auto v\gta5.exe] => (Block) E:\hry nainstalovane\grand theft auto v\gta5.exe No File
FirewallRules: [UDP Query User{5C94A976-F2C7-4181-B7D2-749D60FD8EE4}E:\hry nainstalovane\grand theft auto v\gta5.exe] => (Block) E:\hry nainstalovane\grand theft auto v\gta5.exe No File
FirewallRules: [TCP Query User{D6D9B675-2BE7-4E63-8691-5E5777CD43BC}C:\users\ryzen\downloads\winbox64.exe] => (Allow) C:\users\ryzen\downloads\winbox64.exe No File
FirewallRules: [UDP Query User{E56250EE-7453-45FA-839B-72BD5CF5E1C6}C:\users\ryzen\downloads\winbox64.exe] => (Allow) C:\users\ryzen\downloads\winbox64.exe No File

EmptyTemp:
End

Uložte do C:\Users\Ryzen\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[zsrn01]

Dobrý den,

Spustil jsem fix a po skončení se spustila aktualizace windows, po restartu počítač najel do windows najel už bez problému. Takže snad už je to v pořádku. Log posílám.

Děkuji za podporu

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-02-2020 02
Ran by Ryzen (09-02-2020 17:06:18) Run:1
Running from C:\Users\Ryzen\Desktop
Loaded Profiles: Ryzen (Available Profiles: Ryzen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Winlogon: [Shell] %comspec% <==== ATTENTION
HKU\S-1-5-21-1713079870-971874244-2607177079-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist ( start /MIN "" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {0319E1E1-518E-424F-9C3D-B98F5BDCC367} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-12-09] (Google Inc -> Google Inc.)
Task: {7F80E493-FF8F-45CD-8014-2B77179A8BB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-12-09] (Google Inc -> Google Inc.)
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FirewallRules: [TCP Query User{AA129951-5BDB-4BE6-9594-951A7E453192}E:\hry nainstalovane\grand theft auto v\gta5.exe] => (Block) E:\hry nainstalovane\grand theft auto v\gta5.exe No File
FirewallRules: [UDP Query User{5C94A976-F2C7-4181-B7D2-749D60FD8EE4}E:\hry nainstalovane\grand theft auto v\gta5.exe] => (Block) E:\hry nainstalovane\grand theft auto v\gta5.exe No File
FirewallRules: [TCP Query User{D6D9B675-2BE7-4E63-8691-5E5777CD43BC}C:\users\ryzen\downloads\winbox64.exe] => (Allow) C:\users\ryzen\downloads\winbox64.exe No File
FirewallRules: [UDP Query User{E56250EE-7453-45FA-839B-72BD5CF5E1C6}C:\users\ryzen\downloads\winbox64.exe] => (Allow) C:\users\ryzen\downloads\winbox64.exe No File

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-1713079870-971874244-2607177079-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge" => removed successfully
"HKU\S-1-5-21-1713079870-971874244-2607177079-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
"HKU\S-1-5-21-1713079870-971874244-2607177079-1001\Software\Microsoft\Command Processor\\AutoRun" => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0319E1E1-518E-424F-9C3D-B98F5BDCC367}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0319E1E1-518E-424F-9C3D-B98F5BDCC367}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F80E493-FF8F-45CD-8014-2B77179A8BB6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F80E493-FF8F-45CD-8014-2B77179A8BB6}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removed successfully
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA" => not found
"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AA129951-5BDB-4BE6-9594-951A7E453192}E:\hry nainstalovane\grand theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5C94A976-F2C7-4181-B7D2-749D60FD8EE4}E:\hry nainstalovane\grand theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D6D9B675-2BE7-4E63-8691-5E5777CD43BC}C:\users\ryzen\downloads\winbox64.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E56250EE-7453-45FA-839B-72BD5CF5E1C6}C:\users\ryzen\downloads\winbox64.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 182522256 B
Java, Flash, Steam htmlcache => 1110 B
Windows/system/drivers => 1066862 B
Edge => 1898745 B
Chrome => 946001662 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 64034 B
NetworkService => 98088 B
Ryzen => 78242404 B

RecycleBin => 1363304706 B
EmptyTemp: => 2.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:08:34 ====

[Rudy]

OK, vše bylo smazáno. Problém asi způsobila nějaká instalace. Virus tam nebyl. Nemáte zač!