Log check (for rudy)
Posted: 08 Aug 2023 10:00
Hello,
some kind of window popped up, as if something was taking a print-screen (but it may also be part of Windows)
ADWC and MBAM found nothing
what is this?
2023-07-12 08:46 - 2023-07-12 08:46 - 000000000 ___HD C:\$WinREAgent
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2023
Ran by igorv (administrator) on DESKTOP-AJTU3EA (TOSHIBA Satellite L650) (08-08-2023 10:50:46)
Running from C:\Users\igorv\Downloads\FRST64.exe
Loaded Profiles: igorv
Platform: Microsoft Windows 10 Home Version 22H2 19045.3208 (X64) Language: Slovenčina (Slovensko)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\79.0.2.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <10>
(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDFunctionKeyCtlService.exe <2>
(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\dynabookSystemService.exe
(services.exe ->) (Dynabook Inc. -> Dynabook Inc.) C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\RMService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-07] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-07] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1004790077-1547760064-1104730356-1001\...\Run: [MicrosoftEdgeAutoLaunch_12DCDEA817FD98234F2AB1F8B100D4B7] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4088256 2023-07-27] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1004790077-1547760064-1104730356-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-07] (Google LLC -> Google, Inc.)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\79.0.2.0\GoogleDriveFS.exe [147244312 2023-08-07] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {6754C4FB-F1CD-4BD9-A875-750B5E558C53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2023-07-09] (Google LLC -> Google LLC)
Task: {07EC9FE9-14D2-48CA-BAAD-2652654C88F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2023-07-09] (Google LLC -> Google LLC)
Task: {A8DF1E3D-D72F-4018-9265-9EB81D9AC05F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {605CE1E2-1D3B-4618-8282-095077864633} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5AD6D30-7FA2-4A0B-BF64-DDF7EB431C38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D23A9DC2-4E4F-44EE-B858-BF505A1CF037} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MpCmdRun.exe [1649976 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.31.248 1.1.1.1
Tcpip\..\Interfaces\{f04d4822-7982-437d-b9b5-b933725a7599}: [DhcpNameServer] 192.168.31.248 1.1.1.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\igorv\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-08]
Edge HomePage: Default -> hxxp://www.google.sk/
Edge Extension: (Edge relevant text changes) - C:\Users\igorv\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-25]
Edge Profile: C:\Users\igorv\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2023-07-09]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 DSDFunctionKeyCtlService; C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDFunctionKeyCtlService.exe [708528 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
S2 DSDTabletControlService; C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\DSDTabSysSvc.exe [320496 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
R2 DSDWirelessLEDCtlService; C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\RMService.exe [470504 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
R2 dynabookSettingService; C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_837171cb7de3cc0e\dynabookSystemService.exe [24162712 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9267376 2023-08-07] (Malwarebytes Inc. -> Malwarebytes)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\NisSrv.exe [3244928 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.9-0\MsMpEng.exe [133576 2023-07-25] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 dhotkey; C:\Windows\System32\drivers\dhotkey.sys [52736 2023-03-22] (Dynabook Inc. -> Dynabook Inc.)
R1 dsrvctldrv; C:\Windows\System32\drivers\dsrvctldrv.sys [30256 2023-06-07] (Dynabook Inc. -> Dynabook Inc.)
R0 DVALZ_O; C:\Windows\System32\drivers\DVALZ_O.SYS [47464 2022-07-18] (Dynabook Inc. -> Dynabook Inc.)
R1 googledrivefs31092; C:\Windows\System32\DRIVERS\googledrivefs31092.sys [384600 2023-07-09] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-08-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2023-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [498944 2023-07-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99608 2023-07-25] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-08-08 10:50 - 2023-08-08 10:51 - 000010813 _____ C:\Users\igorv\Downloads\FRST.txt
2023-08-08 10:50 - 2023-08-08 10:51 - 000000000 ____D C:\FRST
2023-08-07 21:50 - 2023-08-07 21:50 - 002384896 _____ (Farbar) C:\Users\igorv\Downloads\FRST64.exe
2023-08-07 20:33 - 2023-08-07 20:33 - 008791352 _____ (Malwarebytes) C:\Users\igorv\Downloads\adwcleaner (1).exe
2023-08-07 20:33 - 2023-08-07 20:33 - 000000000 ____D C:\AdwCleaner
2023-08-07 20:32 - 2023-08-07 20:33 - 008791352 _____ (Malwarebytes) C:\Users\igorv\Downloads\adwcleaner.exe
2023-08-07 20:18 - 2023-08-08 08:43 - 000000000 ____D C:\Users\igorv\AppData\Local\Malwarebytes
2023-08-07 20:18 - 2023-08-07 20:18 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-07 20:18 - 2023-08-07 20:18 - 000000000 ____D C:\Users\igorv\AppData\Local\mbam
2023-08-07 20:17 - 2023-08-07 20:17 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-08-07 20:17 - 2023-08-07 20:17 - 000000000 ____D C:\Program Files\Malwarebytes
2023-08-07 20:16 - 2023-08-07 20:16 - 002606880 _____ (Malwarebytes) C:\Users\igorv\Downloads\MBSetup.exe
2023-08-01 16:27 - 2023-08-01 16:27 - 000000000 ____D C:\Users\igorv\AppData\LocalLow\Temp
2023-07-12 08:46 - 2023-07-12 08:46 - 000000000 ___HD C:\$WinREAgent
2023-07-09 17:10 - 2023-07-09 17:10 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-07-09 16:59 - 2023-07-12 08:45 - 000000000 ____D C:\Windows\system32\MRT
2023-07-09 15:17 - 2023-08-07 16:14 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-07-09 15:17 - 2023-08-02 08:51 - 000003752 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2023-07-09 15:17 - 2023-08-02 08:51 - 000003628 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2023-07-09 15:17 - 2023-07-09 15:17 - 000000000 ____D C:\Users\igorv\AppData\Local\Google
2023-07-09 15:17 - 2023-07-09 15:17 - 000000000 ____D C:\Users\igorv\AppData\Local\CEF
2023-07-09 15:17 - 2023-07-09 15:17 - 000000000 ____D C:\Program Files\Google
2023-07-09 15:16 - 2023-08-08 09:56 - 000000000 ____D C:\Program Files (x86)\Google
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-08-08 10:49 - 2023-07-06 12:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-08-08 10:44 - 2023-07-06 12:48 - 000000000 ___SD C:\Users\igorv\AppData\Roaming\Microsoft\Credentials
2023-08-08 10:39 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2023-08-08 09:56 - 2023-05-05 14:26 - 000000000 ____D C:\Windows\SystemTemp
2023-08-08 08:45 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-07 20:17 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-08-06 14:54 - 2023-07-08 22:54 - 000000000 ____D C:\2
2023-08-06 12:53 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2023-08-03 10:59 - 2023-07-06 12:40 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI
2023-08-03 10:59 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2023-08-03 10:55 - 2023-07-06 12:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-08-03 10:55 - 2023-07-06 12:32 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-03 10:54 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI
2023-08-01 16:27 - 2023-07-08 22:54 - 000000000 ____D C:\1
2023-08-01 15:57 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-29 20:57 - 2023-07-06 12:33 - 000002444 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-27 20:41 - 2023-07-06 15:56 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2023-07-25 08:52 - 2023-07-06 12:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-07-12 19:49 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2023-07-12 09:01 - 2023-07-06 12:32 - 000259760 _____ C:\Windows\system32\FNTCACHE.DAT
2023-07-12 09:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-07-12 09:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2023-07-12 09:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2023-07-12 09:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-07-12 09:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2023-07-12 08:33 - 2023-07-06 12:33 - 000003632 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-12 08:33 - 2023-07-06 12:33 - 000003508 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-09 17:43 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-07-09 17:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-07-09 17:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-07-09 17:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2023-07-09 17:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-07-09 17:43 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2023-07-09 17:39 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2023-07-09 17:33 - 2023-07-06 12:35 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-07-09 16:42 - 2023-07-06 12:52 - 000000000 ____D C:\Users\igorv\AppData\Local\ConnectedDevicesPlatform
2023-07-09 16:42 - 2023-07-06 12:48 - 000000000 ___SD C:\Users\igorv\AppData\Roaming\Microsoft\Protect
2023-07-09 16:39 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-07-09 16:34 - 2023-07-06 12:56 - 000000000 ____D C:\Users\igorv\AppData\Roaming\Microsoft\Spelling
2023-07-09 16:28 - 2023-07-06 12:52 - 000000000 ____D C:\Users\igorv\AppData\Local\Packages
2023-07-09 16:26 - 2023-07-06 12:50 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-09 16:25 - 2023-07-06 12:53 - 000000000 ___RD C:\Users\igorv\OneDrive
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================