HJT - cannot type accent marks

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: Jižní Čechy (South Bohemia)
Gender: Male
Status: Offline

Re: HJT - cannot type accent marks

Post by jaro3 » 24 Oct 2020 23:01

Disk OK.

RogueKiller as well.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Otasek
newcomer
Posts: 33
Registered: October 20
Gender: Male
Status: Offline

Re: HJT - cannot type accent marks

Post by Otasek » 24 Oct 2020 23:13

RogueKiller Anti-Malware V14.7.4.0 (x64) [Oct 22 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19041) 64 bits
Started in : Normal mode
User : motte [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20201021_093136, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/10/24 23:06:18 (Duration : 00:05:22)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


Re: HJT - cannot type accent marks

Post by jaro3 » 25 Oct 2020 00:21

Turn off your antivirus and firewall.
Download Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

Close all other programs, windows and browsers.
Run Zoek.exe (on Win Vista, Win7, 8 right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:

Code:

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Click Run Script.
The program will run a scan and a repair; the scan and the repair may take several minutes, so you need to wait until they finish. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
If there are problems, run zoek in safe mode.


Download Zemana AntiMalware Free from this link:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
and save it to your desktop.
Double-click this file on the desktop and follow the instructions to install the program.
Accept the program's license (EULA), if it is offered.
If a program update is available, click the "Update now" button.
You can also tick the creation of a restore point:
Click the gear icon, then "Scanning", and tick "create restore points".
Go back (click the house icon).
Close all open files, folders and browsers.
Do not change any settings. Click "Scan".
After the scan you can see whether there are any infections. Click "Next". The infections will be moved to quarantine.
When the scan is finished, a report appears; copy the entire contents of that report here.
Otherwise you can view the reports by clicking "Reports" at the top right.


Post a new HJT log + report on any problems.


Re: HJT - cannot type accent marks

Post by Otasek » 25 Oct 2020 14:58

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by motte on 25.10.2020 at 14:21:03,15.
Microsoft Windows 10 Home 10.0.19041 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\motte\OneDrive\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.10.2020 14:23:23 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\48C4687D-9760-4F5B-BAB3-60351B0841E4 deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\ssh deleted successfully
C:\Users\motte\AppData\Local\PackageStaging deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Packages deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\48C4687D-9760-4F5B-BAB3-60351B0841E4 not found
C:\Users\motte\AppData\Roaming\discord deleted
C:\PROGRA~3\Package Cache deleted
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CM2C7CE.tmp deleted
"C:\DumpStack.log.tmp" not deleted

==== Chromium Look ======================


Chrome Media Router - motte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE13&ocid=UE13DHP"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=PRASU1&src=IE11TR&pc=ASTE
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Reset Google Chrome ======================

C:\Users\motte\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\motte\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\motte\AppData\Local\Microsoft\Edge\User Data\Default\Preferences was reset successfully
C:\Users\motte\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences was reset successfully
C:\Users\motte\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\motte\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\motte\AppData\Local\Microsoft\Edge\User Data\Default\Web Data was reset successfully
C:\Users\motte\AppData\Local\Microsoft\Edge\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\motte\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\motte\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\motte\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\motte\AppData\Local\Microsoft\Edge\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2072 folders=463 456698896 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\motte\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\motte\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\DumpStack.log.tmp" not deleted

==== EOF on 25.10.2020 at 14:57:20,31 ======================


Re: HJT - cannot type accent marks

Post by Otasek » 25 Oct 2020 15:04

Informace o kontroly
Název produktu    :  Zemana AntiMalware
Stav kontroly    :  Dokončena
Datum kontroly    :  25.10.2020 15:02:39
Typ kontroly    :  Inteligentní kontrola
Čas trvání    :  00:00:25
Zkontrolované objekty    :  1946
Zjištěné objekty    :  0
Vyloučené objekty    :  0
Automatické odesílání    :  Ano
Operační systém    :  Windows 10 x64
Procesor    :  8X AMD Ryzen 5 3550H with Radeon Vega Mobile Gfx
Režim systému BIOS    :  UEFI
Informace o doméně    :  WORKGROUP,False,NetSetupWorkgroupName
CUID    :  146960E829C7C964BC29D6


Re: HJT - cannot type accent marks

Post by Otasek » 25 Oct 2020 15:06

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:05:39, on 25.10.2020
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\ACMON.exe
C:\Users\motte\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE13DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\86.0.622.51\BHO\ie_to_edge_bho.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O4 - HKCU\..\Run: [OneDrive] "C:\Users\motte\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Discord] C:\Users\motte\AppData\Local\Discord\app-0.0.308\Discord.exe
O4 - HKCU\..\Run: [com.squirrel.Teams.Teams] C:\Users\motte\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\WINDOWS\System32\DriverStore\FileRepository\u0357171.inf_amd64_12865057442cf819\B353694\atiesrxx.exe
O23 - Service: ARMOURY CRATE Service (ArmouryCrateService) - ASUSTeK COMPUTER INC. - C:\Program Files\ASUS\ARMOURY CRATE Service\ArmouryCrate.Service.exe
O23 - Service: ASUS Update Service (asus) (asus) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe
O23 - Service: ASUS Link Near (ASUSLinkNear) - ASUSTek Computer Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSLinkNear\AsusLinkNear.exe
O23 - Service: ASUS Link Near Extension (ASUSLinkNearExt) - ASUSTek Computer Inc. - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSLinkNear\AsusLinkNearExt.exe
O23 - Service: ASUS Link Remote (ASUSLinkRemote) - ASUSTeK COMPUTER INC.? - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSLinkRemote\AsusLinkRemote.exe
O23 - Service: ASUS Update Service (asusm) (asusm) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe
O23 - Service: ASUS Optimization (ASUSOptimization) - ASUSTeK COMPUTER INC. - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSOptimization\AsusOptimization.exe
O23 - Service: ASUS Software Manager (ASUSSoftwareManager) - ASUSTeK COMPUTER INC. - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSSoftwareManager\AsusSoftwareManager.exe
O23 - Service: ASUS System Analysis (ASUSSystemAnalysis) - ASUSTeK COMPUTER INC. - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSSystemAnalysis\AsusSystemAnalysis.exe
O23 - Service: ASUS System Diagnosis (ASUSSystemDiagnosis) - ASUSTek COMPUTER INC. - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSSystemDiagnosis\AsusSystemDiagnosis.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_8fab0 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DTS APO3 Service (DTSAPO3Service) - Unknown owner - C:\WINDOWS\System32\DTS\PC\APO3x\DTSAPO3Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\86.0.4240.111\elevation_service.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LightingService - ASUSTek Computer Inc. - C:\Program Files (x86)\LightingService\LightingService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_81b9e51a68190f03\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Service for Panel OverDrive , if this service stop, can't use OverDrive feature (RefreshRateService) - Unknown owner - C:\Program Files (x86)\ASUSTeK COMPUTER INC\RefreshRateService\RefreshRateService.exe
O23 - Service: RogueKiller RTP (rkrtservice) - Unknown owner - C:\Program Files\RogueKiller\RogueKillerSvc.exe
O23 - Service: Rockstar Game Library Service (Rockstar Service) - Rockstar Games - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service: ROG Live Service - ASUSTek COMPUTER INC. - C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Unknown owner - C:\WINDOWS\System32\RtkAudUService64.exe (file missing)
O23 - Service: @oem5.inf,%RtkBtManServ.SvcDesc%;Realtek Bluetooth Device Manager Service (RtkBtManServ) - Realtek Semiconductor Corp. - C:\WINDOWS\RtkBtManServ.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12832 bytes

Post by Otasek » 25 Oct 2020 15:27

I can't think of anything else. In my opinion it probably isn't a virus; rather, some setting is wrong, or it's possible that some keyboard shortcut caused it. I also found this forum, where they discussed some virus that not even Malwarebytes finds and that is hidden in System32, usually under lsass or schvost.exe. I went through all of that, but I didn't find any problem anywhere.

I know I could solve all of this with a factory reset, but it seems a shame to reset it to factory settings when it may be some trifle.

I do know that I'm not knowledgeable about computers, and especially not about this issue.

Post by jaro3 » 25 Oct 2020 16:58

Try disconnecting the keyboard (USB?). In Device Manager: right-click This PC, then Properties, then Device Manager in the left pane of the window.
Find the keyboard there, expand it, right-click the keyboard and choose "Uninstall".
Restart the computer; plug the keyboard in beforehand.
Then write back.

Post by Otasek » 25 Oct 2020 17:02

It doesn't work on the laptop keyboard either, but I'll go try it.

Post by Otasek » 25 Oct 2020 17:12

So that doesn't work.

Post by jaro3 » 25 Oct 2020 17:16

Turn off the antivirus and the firewall.
Please download the version of Farbar Recovery Scan Tool (FRST) appropriate for your system, 32-bit or 64-bit.
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Another link:
http://www.bleepingcomputer.com/downloa ... scan-tool/
Save it to the desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will appear, FRST.txt and Addition.txt, and will be saved on the desktop. Please copy their entire contents here.

Post by Otasek » 25 Oct 2020 17:33

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by motte (25-10-2020 17:31:38)
Running from C:\Users\motte\OneDrive\Plocha
Windows 10 Home Version 2004 19041.572 (X64) (2020-10-14 13:01:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1058579219-2999521139-2299154450-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1058579219-2999521139-2299154450-503 - Limited - Disabled)
Guest (S-1-5-21-1058579219-2999521139-2299154450-501 - Limited - Disabled)
motte (S-1-5-21-1058579219-2999521139-2299154450-1001 - Administrator - Enabled) => C:\Users\motte
WDAGUtilityAccount (S-1-5-21-1058579219-2999521139-2299154450-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {F682A51C-4EAD-6A3A-F460-B9C1D4A2DB09}
FW: McAfee Firewall (Enabled) {CEB92439-04C2-6B62-DF3F-10F42A719C72}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aktualizace NVIDIA 38.0.5.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 38.0.5.0 - NVIDIA Corporation) Hidden
ARMOURY CRATE Service (HKLM\...\{01378DC3-088F-4F55-AAFA-DC6A9CCA292A}) (Version: 3.1.5 - ASUS)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.3.3.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{99c84b70-e56e-4a29-9a3a-10d41c9fcc6d}) (Version: 2.3.3.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{b8af8e27-5c72-412c-bab7-dc6430e70f1b}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{7f23d3ea-a821-4293-b7f7-34383bf06437}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.03.57 - ASUSTek COMPUTER INC.) Hidden
ASUS Framework Service (HKLM-x32\...\{0432b7d3-a0dd-4049-81e3-c052fdd269d5}) (Version: 2.0.0.11 - ASUSTek COMPUTER INC.)
ASUS Framework Service (HKLM-x32\...\{EA6A87BE-8AD3-40D2-944C-9DF5FBFF4332}) (Version: 2.0.0.11 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.34 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{049c2f12-c730-4efc-81db-0adcf3ff5782}) (Version: 1.0.34 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{a3a1beb0-9f5b-4b4e-8cfa-ef25842faf55}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.33 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{a96c7710-4dd8-463e-8f76-c3ad65b248a5}) (Version: 1.0.33 - ASUSTek COMPUTER INC.) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.107.33 - ASUSTeK Computer Inc.) Hidden
AURA lighting effect add-on (HKLM-x32\...\{1E2EA04B-FCA7-457E-B6F4-F33E1858E859}) (Version: 0.0.12 - ASUS)
AURA lighting effect add-on x64 (HKLM\...\{C5A4A164-4428-4931-B728-96EEF0FA3C44}) (Version: 0.0.12 - ASUS)
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.04.22 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{60e51d71-e385-4768-a139-be302e411f57}) (Version: 3.04.22 - ASUSTeK Computer Inc.)
Discord (HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\Discord) (Version: 0.0.308 - Discord Inc.)
DSB Notification (HKLM\...\{A82D01C4-0F9C-4FD6-9E2F-EDBD1E9826DC}) (Version: 1.2.1 - ASUSTeK COMPUTER INC.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2060.1 - Rockstar Games)
Microsoft 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.13231.20390 - Microsoft Corporation)
Microsoft 365 Apps pro velké organizace - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.13231.20390 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.51 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.135.49 - )
Microsoft OneDrive (HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0006 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\Teams) (Version: 1.3.00.21759 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32\...\{F6678473-0198-46D0-A88F-2A247E6FA03C}) (Version: 1.0.0.0 - Mojang)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.27 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.4.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.4.14 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NvModuleTracker (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvModuleTracker.Driver) (Version: 6.14.24033.38719 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13231.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden
RefreshRateService (HKLM-x32\...\{0167A031-AD97-403B-A129-9DFCB53F3890}) (Version: 1.0.17 - ASUSTeK COMPUTER INC.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.27.272 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.5 - Rockstar Games)
ROG Live Service (HKLM-x32\...\{2D87BFB6-C184-4A59-9BBE-3E20CE797631}) (Version: 1.1.6.0 - ASUSTek COMPUTER INC.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.21759 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 114.0 - Ubisoft)
Wargaming.net Game Center (HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\Wargaming.net Game Center) (Version: 20.6.0.2120 - Wargaming.net)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
World of Tanks EU (HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\WOT.EU.PRODUCTION) (Version: - Wargaming.net)

Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.20004.0_x64__0a9344xs7nr4m [2020-09-11] (Advanced Micro Devices Inc.)
ARMOURY CRATE -> C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_3.1.6.0_x64__qmba6cd70vzyy [2020-09-26] (ASUSTeK COMPUTER INC.)
DTS Headphone:X v1 -> C:\Program Files\WindowsApps\DTSInc.DTSHeadphoneXv1_2.0.0.0_x64__t5j2fzbtdg37r [2020-04-24] (DTS, Inc.)
GameVisual -> C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy [2020-09-11] (ASUSTeK COMPUTER INC.) [Startup Task]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-23] (Microsoft Studios) [MS Ad]
MyASUS -> C:\Program Files\WindowsApps\B9ECED6F.ASUSPCAssistant_2.2.44.0_x64__qmba6cd70vzyy [2020-10-22] (ASUSTeK COMPUTER INC.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-09-11] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.169.0_x64__dt26b99r8h8gj [2020-04-24] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1058579219-2999521139-2299154450-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\motte\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1058579219-2999521139-2299154450-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\motte\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20130.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_81b9e51a68190f03\nvshext.dll [2020-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2020-07-08 16:42 - 2020-07-08 16:42 - 000477696 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ffi-napi\prebuilds\win32-ia32\node.napi.node
2020-07-08 16:42 - 2020-07-08 16:42 - 000471040 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\ref-napi\prebuilds\win32-ia32\node.napi.node
2020-07-14 16:16 - 2020-07-14 16:16 - 000454656 _____ () [File not signed] \\?\C:\Program Files (x86)\ASUS\ArmouryDevice\node_modules\registry-js\prebuilds\win32-ia32\node.napi.node
2020-10-14 10:33 - 2019-12-23 17:51 - 000093184 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\zlibwapi.dll
2020-10-14 10:33 - 2019-06-26 15:07 - 000094208 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\MacroControl.dll
2020-04-22 14:35 - 2020-04-22 14:35 - 000081920 _____ () [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\WindowID\WindowID.dll
2020-09-26 15:49 - 2020-09-26 15:49 - 072340480 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_3.1.6.0_x64__qmba6cd70vzyy\ArmouryCrate.dll
2020-09-11 19:38 - 2020-09-11 19:38 - 000038400 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\DetectDisplayDC.dll
2020-04-24 01:43 - 2020-04-24 01:43 - 000038912 _____ () [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\VideoEnhance.dll
2020-05-26 16:08 - 2020-05-26 16:08 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2020-10-14 10:33 - 2019-10-24 10:15 - 002676736 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\AURAChecker.dll
2020-09-11 19:38 - 2020-09-11 19:38 - 000462848 _____ (ASUSTeK Computer Inc.) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\ColorU.dll
2020-10-14 10:33 - 2019-06-26 15:07 - 003394560 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libcrypto-1_1-x64.dll
2020-10-14 10:33 - 2019-06-26 15:07 - 000679424 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\libssl-1_1-x64.dll
2020-10-14 10:33 - 2019-07-31 13:48 - 000072704 _____ (TODO: <Company name>) [File not signed] C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Protocol\Interrupt\InterruptTransfer.dll
2019-04-12 18:59 - 2019-04-12 18:59 - 000427520 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll
2020-09-11 19:38 - 2020-09-11 19:38 - 000452096 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\ColorUGameDLL.dll
2020-09-11 19:38 - 2020-09-11 19:39 - 000029696 _____ (TODO: <Company name>) [File not signed] C:\Program Files\WindowsApps\B9ECED6F.GameVisual_2.2.2.0_x64__qmba6cd70vzyy\GLCDdll.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-1058579219-2999521139-2299154450-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1058579219-2999521139-2299154450-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-10-06] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\sharepoint.com -> hxxps://otasek-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2020-10-25 14:24 - 000000841 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\motte\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1058579219-2999521139-2299154450-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0945AC98-A953-4873-9146-BC740D1BB864}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK Computer Inc. -> )
FirewallRules: [{CD14AB70-7ED6-4C50-9D68-06F7ADCA9611}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{95958496-007C-4B08-AAA9-D9EB64ADAC65}] => (Allow) C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe (ASUSTeK Computer Inc. -> ASUS)
FirewallRules: [{B0EAF30B-7CD3-426D-945E-4B5CC3359407}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{8C2D94B4-3B46-45CA-A6AF-D3B221F00F9F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4B08D233-025F-4C20-AFA8-EED36930E51A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{66DE6AD4-9153-4525-A603-AE1D2AB9A8C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [File not signed]
FirewallRules: [{BC3EB20D-1C70-4520-815A-181DC71EC592}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{331EEB3B-FF69-47E3-9DD0-EF57DEDF4E24}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FED3E493-2B6A-44B8-8E74-95DBAA4C1FE3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E416B948-A064-428E-BDDD-A69E21773C02}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2FFD28BD-E220-44FD-9A50-24F247B688FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{12447D6A-DD8C-4A9E-AAAD-1C5A600333F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{3C0EF651-6EF6-41F0-BAF3-E402A261DD5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{FC462699-A804-4159-B6DE-D28DC3305D55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe (Square Enix) [File not signed]
FirewallRules: [{A113F91C-555B-4F04-9D05-4BF2E9ACCCE8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{AF107F87-B500-4063-A114-E5E44AA9A64D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{706CD435-E997-4F29-82C4-5D585B8F4D29}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{A765C82C-C2B7-43F9-B9D7-E36E6D6D44AF}] => (Allow) C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe (ASUSTEK COMPUTER INCORPORATION -> ASUSTek COMPUTER INC.)
FirewallRules: [{AB2C421F-DA61-44FF-8820-53330B6BBB09}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A7CD840D-8266-4E12-92F1-F410F190FEE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C54745F5-9A69-4871-A3CF-AFFEE68C924C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2F7D7B6A-E6E1-43CA-A365-D4C99A8DDF72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{75C16B7C-5F24-42DE-9BB6-BC86E489980F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FED8557F-0A3A-45D6-A468-1A148598A998}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{81FE1BA0-2E9B-4DF4-AD04-6CE9650C9A41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [UDP Query User{1EACDE58-4354-40BD-B21C-9AA1FF606BD5}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [TCP Query User{9810D3E7-FDAB-47C0-9814-EC03768B6836}C:\games\world_of_tanks_eu\win64\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_eu\win64\worldoftanks.exe (Wargaming.net Limited -> Wargaming.net)
FirewallRules: [{2CF1508A-267F-40B3-870D-A214107650E1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{503FA0BE-8242-4EB3-9C06-29025B3A325A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{44A1CF15-F8C1-4BD1-B702-4F91ED6768DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46C67C8D-76B4-4C25-A382-6A55521D1DC8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.64.80.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BA4A2F1E-F48D-46EF-B782-8FB94DA47A46}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C6E34E4D-D05A-4E38-AE85-FC416765C6AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E003B0BD-67F4-4461-A435-0380C8694953}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5A6CE5AE-B2A4-4ADD-8ADD-A65BFEFCF6F0}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSLinkNear\AsusLinkNear.exe (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
FirewallRules: [{763E0994-E79C-4DF4-88BE-5B6A43A085CC}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{8965C8F7-CC4D-43E5-9256-0229028068AD}] => (Allow) C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8f0055bbf871cd7a\ASUSLinkRemote\AsusLinkRemoteAgent.exe (ASUSTek Computer Inc. -> ASUSTeK COMPUTER INC.​)
FirewallRules: [{942A3CA3-6946-43B0-A322-0CAA6495EC2F}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK Computer Inc. -> )
FirewallRules: [{BDB865E6-3B8E-4B38-881A-FC0588B03B5E}] => (Allow) C:\Program Files\ASUS\ARMOURY CRATE Service\MobilePlugin\AutoConnectHelper.exe (ASUSTeK Computer Inc. -> )

==================== Restore Points =========================

15-10-2020 20:45:53 Instalační služba modulů systému Windows
24-10-2020 18:04:15 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/25/2020 05:18:19 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (10/25/2020 02:56:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/25/2020 02:56:33 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/25/2020 02:56:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/25/2020 02:56:33 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/25/2020 02:23:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: DaS_21.exe, verze: 2.1.0.4, časové razítko: 0x540c90b2
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.19041.572, časové razítko: 0x1183946c
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000023e49
ID chybujícího procesu: 0xee8
Čas spuštění chybující aplikace: 0x01d6aad2058ff0c9
Cesta k chybující aplikaci: C:\Users\motte\AppData\Local\Temp\DaS_21.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 6336398a-717f-4d84-a62e-1cda2f194517
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/25/2020 02:23:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: DaS_21.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.IO.IOException
na System.IO.__Error.WinIOError(Int32, System.String)
na System.Console.SetWindowSize(Int32, Int32)
na DriverAndServicesOut.Program.Main(System.String[])

Error: (10/24/2020 10:57:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamtray.exe, verze: 4.0.0.814, časové razítko: 0x5f7e3e2e
Název chybujícího modulu: Qt5Core.dll, verze: 5.14.1.0, časové razítko: 0x5e8272e4
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000219d05
ID chybujícího procesu: 0x1ddc
Čas spuštění chybující aplikace: 0x01d6aa507f1a7abf
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: 380f2fee-f2ed-46f2-abb0-53d8b764b1c8
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (10/25/2020 05:09:23 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Služba ASUS System Analysis se po přijetí pokynu pro vypnutí neukončila správně.

Error: (10/25/2020 05:08:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ASUSSystemAnalysis bylo dosaženo časového limitu (30000 ms).

Error: (10/25/2020 05:07:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ASUSSystemAnalysis bylo dosaženo časového limitu (30000 ms).

Error: (10/25/2020 05:07:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ASUSSystemAnalysis bylo dosaženo časového limitu (30000 ms).

Error: (10/25/2020 05:06:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ASUSSystemAnalysis bylo dosaženo časového limitu (30000 ms).

Error: (10/25/2020 05:05:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ASUSSystemAnalysis bylo dosaženo časového limitu (30000 ms).

Error: (10/25/2020 03:33:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ASUSSystemAnalysis bylo dosaženo časového limitu (30000 ms).

Error: (10/25/2020 03:32:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ASUSSystemAnalysis bylo dosaženo časového limitu (30000 ms).


Windows Defender:
===================================
Date: 2020-10-25 15:15:28.5740000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3E70F9F7-2A6E-446B-9BC8-4E28C5C814CA}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-20 09:59:08.4150000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {2D5B1607-590B-42D3-8991-715847E6CFE3}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-20 09:44:13.2040000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {1A016BAC-48E8-4EA9-96E1-39F05FD7EE8C}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-19 14:20:40.8600000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {622FDE72-72FD-47C6-93D5-793A5B62C9A2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-10-19 13:21:12.3560000Z
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {D4808DFF-775A-410F-9931-F24B99E15E50}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2020-10-24 19:02:35.5660000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\264917175860770000\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-10-24 19:02:33.5420000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\264917175860770000\antimalware_provider64.dll that did not meet the Windows signing level requirements.

Date: 2020-10-24 19:02:29.2830000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\264917175860770000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-24 19:02:29.2730000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\264917175860770000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-24 19:02:29.2630000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\264917175860770000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-24 19:02:29.2540000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\264917175860770000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-24 19:02:29.2450000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\264917175860770000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

Date: 2020-10-24 19:02:29.2330000Z
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender Antivirus Free\bdamsi\264917175860770000\antimalware_provider64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. FX505DT.310 12/24/2019
Motherboard: ASUSTeK COMPUTER INC. FX505DT
Processor: AMD Ryzen 5 3550H with Radeon Vega Mobile Gfx
Percentage of memory in use: 41%
Total physical RAM: 8000.9 MB
Available physical RAM: 4686.7 MB
Total Virtual: 11456.9 MB
Available Virtual: 6823.47 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:475.55 GB) (Free:234.02 GB) NTFS

\\?\Volume{9f1661b6-9c64-4a3d-bfcb-7e570369fa80}\ () (Fixed) (Total:1.12 GB) (Free:0.63 GB) NTFS
\\?\Volume{5221ba65-dbc9-451f-939d-773e7523b897}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 96FDAFBF)

Partition: GPT.

==================== End of Addition.txt =======================

