Hello, and please check my log
Posted: 23 Jul 2020 15:54
ADWCleaner - clean
MBAM - clean
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-07-2020
Ran by Janka (administrator) on LAPTOP-JANKA (LENOVO 80TJ) (23-07-2020 14:59:42)
Running from C:\Users\Janka\Downloads
Loaded Profiles: Janka
Platform: Windows 10 Home Version 1903 18362.720 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\atiesrxx.exe
(CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <25>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Janka\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16735744 2016-11-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029064 2016-12-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrmstp.exe [2020-07-16] (Google LLC -> Google LLC)
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1D806BFD-A423-4F1B-8357-CC81DE3B8DBD} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123744 2020-07-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {2237B781-A657-41B3-BCE0-07A69BBED528} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4589AB85-A5AC-4429-8199-68F265B8D3AB} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-07-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4FB71504-2F64-475C-A931-3CC60C15F963} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23810952 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {8AAC2D41-B7D7-4CA0-A80D-2D9CDA92768B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90CD0304-4ECD-4C1F-875C-29F12C705CDB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23810952 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D563A77C-D736-437A-BBCB-EF533176FB78} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-07-14] (CyberLink Corp. -> CyberLink Corp.)
Task: {D7B43E0F-D473-4CA4-81F9-31513B45E9D5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [24910520 2020-07-09] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {DB9C1D7B-C11E-42CE-B25F-E107164EA4BB} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {DD5388E9-7B1C-4A77-920E-1BFB040EBF83} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-06-07] (Google Inc -> Google Inc.)
Task: {DE203DE1-A233-443B-9F2F-3D66F3CE32B4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E066EFED-1174-4F0D-BD64-A6085C46F407} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123744 2020-07-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {E783C4C5-2CEA-4EAC-8D2E-459C2179E0A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MpCmdRun.exe [512272 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E9F666E0-EF1F-413B-9678-DF90571DA255} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-06-07] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 85.119.89.2 8.8.8.8
Tcpip\..\Interfaces\{f7b9cd55-c498-475f-be3c-1b641bdae3e7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{fe16ac84-8aba-4283-8f3a-cf041ef3ac4f}: [DhcpNameServer] 85.119.89.2 8.8.8.8
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-2489188112-2961885803-1461791873-1001 -> DefaultScope {C50BADC1-9265-414B-8437-6B21C282F983} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-02] (Microsoft Corporation -> Microsoft Corporation)
Edge:
======
DownloadDir: C:\Users\Janka\Downloads
Edge Notifications: HKU\S-1-5-21-2489188112-2961885803-1461791873-1001 -> hxxps://www.facebook.com; hxxps://www.astratex.cz; hxxps://postovnezdarma.cz
Edge DefaultProfile: Default
Edge Profile: C:\Users\Janka\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-23]
Edge DownloadDir: C:\Users\Janka\Downloads
Edge Notifications: Default -> hxxps://meet.google.com; hxxps://postovnezdarma.cz; hxxps://www.astratex.cz; hxxps://www.facebook.com; hxxps://www.kupi.cz; hxxps://www.newchic.com
Edge StartupUrls: Default -> "hxxps://vmail.centrum.cz/?utm_source=volnyHP&utm_medium=mailbox"
FireFox:
========
FF DefaultProfile: ttszok0e.default
FF ProfilePath: C:\Users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\ttszok0e.default [2020-07-23]
FF Homepage: Mozilla\Firefox\Profiles\ttszok0e.default -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\ttszok0e.default -> hxxps://novaplus.nova.cz
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Janka\AppData\Local\Google\Chrome\User Data\Default [2019-12-15]
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Extension: (Prezentace) - C:\Users\Janka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Janka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\Janka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-17]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [295832 2016-12-23] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10574728 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [276616 2018-03-14] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309839.inf_amd64_168acb088d48fafb\atikmdag.sys [26587656 2016-12-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309839.inf_amd64_168acb088d48fafb\atikmpag.sys [527256 2016-12-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [87840 2016-12-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-17] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-12-14] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-12-14] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3150344 2016-10-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [162960 2018-04-26] (Disc Soft Ltd -> Duplex Secure Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-07-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [408816 2020-07-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-07-02] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-23 14:59 - 2020-07-23 15:02 - 000014579 _____ C:\Users\Janka\Downloads\FRST.txt
2020-07-23 14:59 - 2020-07-23 15:01 - 000000000 ____D C:\FRST
2020-07-23 14:56 - 2020-07-23 14:58 - 002293760 _____ (Farbar) C:\Users\Janka\Downloads\FRST64.exe
2020-07-23 14:03 - 2020-07-23 14:05 - 000000000 ____D C:\AdwCleaner
2020-07-23 14:02 - 2020-07-23 14:02 - 008420016 _____ (Malwarebytes) C:\Users\Janka\Downloads\adwcleaner_8.0.6.exe
2020-07-23 08:30 - 2020-07-23 08:30 - 000000000 ___HD C:\OneDriveTemp
2020-07-23 07:31 - 2020-07-23 07:32 - 028064096 _____ (Piriform Software Ltd) C:\Users\Janka\Downloads\ccsetup569.exe
2020-07-20 18:23 - 2020-07-20 18:23 - 004824576 _____ C:\Users\Janka\Downloads\Celej_tatik_HH (1).pps
2020-07-20 18:21 - 2020-07-20 18:21 - 004824576 _____ C:\Users\Janka\Downloads\Celej_tatik_HH.pps
2020-07-20 09:45 - 2020-07-20 09:45 - 002274465 _____ C:\Users\Janka\Downloads\Trhlina_ve_dzbanu.pptx
2020-07-20 05:32 - 2020-07-20 05:32 - 001566208 _____ C:\Users\Janka\Downloads\Bohu_se_nesmi_posmivat.pps
2020-07-19 08:32 - 2020-07-19 08:32 - 004154880 _____ C:\Users\Janka\Downloads\BlueTrain-Africa.pps
2020-07-19 08:20 - 2020-07-19 08:20 - 000423424 _____ C:\Users\Janka\Downloads\Rasizmus__HP_1.pps
2020-07-19 08:15 - 2020-07-19 08:15 - 004258304 _____ C:\Users\Janka\Downloads\Čínské_Tesco (2).pps
2020-07-19 08:15 - 2020-07-19 08:15 - 004258304 _____ C:\Users\Janka\Downloads\Čínské_Tesco (1).pps
2020-07-18 20:09 - 2020-07-18 20:09 - 004258304 _____ C:\Users\Janka\Downloads\Čínské_Tesco.pps
2020-07-16 18:55 - 2020-07-16 18:55 - 007267328 _____ C:\Users\Janka\Downloads\VodopaÌdy_IguazuÌ.pps
2020-07-16 18:55 - 2020-07-16 18:55 - 007267328 _____ C:\Users\Janka\Downloads\VodopaÌdy_IguazuÌ (1).pps
2020-07-16 06:02 - 2020-06-30 06:32 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-07-16 06:02 - 2020-06-30 06:26 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-07-15 18:33 - 2020-07-15 18:33 - 000000000 __SHD C:\found.004
2020-07-15 18:12 - 2020-07-15 18:12 - 000000000 __SHD C:\found.003
2020-07-14 07:23 - 2020-07-14 07:24 - 006170624 _____ C:\Users\Janka\Downloads\Krkonose_2011.pps
2020-07-13 18:58 - 2020-07-13 18:59 - 006819328 _____ C:\Users\Janka\Downloads\IN_MEMORIAM_-_Hroby_slavných.pps
2020-07-10 18:32 - 2020-07-10 18:32 - 007130624 _____ C:\Users\Janka\Downloads\Tam_ve_vysce.pps
2020-07-10 18:31 - 2020-07-10 18:31 - 000000178 _____ C:\Users\Janka\Downloads\ATT00010.html
2020-07-09 18:01 - 2020-07-09 18:02 - 007861248 _____ C:\Users\Janka\Downloads\Holandská_pohádka.pps
2020-07-08 17:26 - 2020-07-08 17:26 - 000903168 _____ C:\Users\Janka\Downloads\Krkonose (2).pps
2020-07-08 17:25 - 2020-07-08 17:25 - 000903168 _____ C:\Users\Janka\Downloads\Krkonose (1).pps
2020-07-08 17:24 - 2020-07-08 17:24 - 000903168 _____ C:\Users\Janka\Downloads\Krkonose.pps
2020-07-08 17:24 - 2020-07-08 17:24 - 000000091 ____H C:\Users\Janka\Downloads\.~lock.Krkonose.pps#
2020-07-08 15:43 - 2020-07-08 15:43 - 011330560 _____ C:\Users\Janka\Downloads\G_570_FRANCIA_PROFUNDA.pps
2020-07-08 15:41 - 2020-07-08 15:41 - 006701056 _____ C:\Users\Janka\Downloads\Tombe_la_neige-_Adamo.pps
2020-07-08 15:33 - 2020-07-08 15:34 - 006160896 _____ C:\Users\Janka\Downloads\Kapky_deste (1).pps
2020-07-08 15:28 - 2020-07-08 15:29 - 016346450 _____ C:\Users\Janka\Downloads\Krasy_Tatier_ (4).ppsx
2020-07-07 18:32 - 2020-07-07 18:33 - 001838592 _____ C:\Users\Janka\Downloads\MMF.pps
2020-07-06 05:51 - 2020-07-06 05:51 - 003784704 _____ C:\Users\Janka\Downloads\C_260_La_vile_souterraine1111-2111.pps
2020-07-05 16:13 - 2020-07-05 16:14 - 000278016 _____ C:\Users\Janka\Downloads\Úžasný_obrázek_z_Burmy.pps
2020-07-03 18:33 - 2020-07-03 18:33 - 001617920 _____ C:\Users\Janka\Downloads\Děsivé_svědectví_z_Řecka.pps
2020-07-03 18:33 - 2020-07-03 18:33 - 001617920 _____ C:\Users\Janka\Downloads\Děsivé_svědectví_z_Řecka (1).pps
2020-07-03 17:48 - 2020-07-03 17:48 - 005790720 _____ C:\Users\Janka\Downloads\444_novell__basilica_de_san_marcos1.pps
2020-07-03 17:33 - 2020-07-03 17:33 - 004511744 _____ C:\Users\Janka\Downloads\Samobarvící_fotografie-nádhera1.pps
2020-07-03 17:27 - 2020-07-03 17:28 - 008308224 _____ C:\Users\Janka\Downloads\Nádherné_fotky_letošního_roku (1).pps
2020-07-03 17:26 - 2020-07-03 17:26 - 008308224 _____ C:\Users\Janka\Downloads\Nádherné_fotky_letošního_roku.pps
2020-07-02 07:12 - 2020-07-02 07:12 - 000000000 __SHD C:\found.002
2020-07-01 09:31 - 2020-07-01 09:32 - 005167104 _____ C:\Users\Janka\Downloads\Sila_umeni_-_Art.pps
2020-06-29 19:04 - 2020-06-29 19:05 - 009746682 _____ C:\Users\Janka\Downloads\Video_1 (3).mov
2020-06-29 19:03 - 2020-06-29 19:03 - 009746682 _____ C:\Users\Janka\Downloads\Video_1 (2).mov
2020-06-29 18:59 - 2020-06-29 19:00 - 009746682 _____ C:\Users\Janka\Downloads\Video_1 (1).mov
2020-06-29 18:57 - 2020-06-29 18:58 - 008153429 _____ C:\Users\Janka\Downloads\Video (7).mov
2020-06-29 18:37 - 2020-06-29 18:37 - 008153429 _____ C:\Users\Janka\Downloads\Video (6).mov
2020-06-28 19:04 - 2020-06-28 19:05 - 007312384 _____ C:\Users\Janka\Downloads\Air_Force_One_of_Vladimir_Putin.pps
2020-06-28 19:03 - 2020-06-28 19:04 - 004765184 _____ C:\Users\Janka\Downloads\Letadlo_Donalda_Trumpa.pps
2020-06-28 18:40 - 2020-06-28 18:41 - 001932288 _____ C:\Users\Janka\Downloads\TigerW (2).pps
2020-06-25 20:02 - 2020-06-25 20:02 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK) (4).pps
2020-06-25 19:55 - 2020-06-25 19:55 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK) (3).pps
2020-06-25 19:55 - 2020-06-25 19:55 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK) (2).pps
2020-06-24 18:11 - 2020-06-24 18:11 - 009746682 _____ C:\Users\Janka\Downloads\Video_1.mov
2020-06-24 18:08 - 2020-06-24 18:08 - 008153429 _____ C:\Users\Janka\Downloads\Video (5).mov
2020-06-24 18:07 - 2020-06-24 18:08 - 008153429 _____ C:\Users\Janka\Downloads\Video (4).mov
2020-06-24 17:43 - 2020-06-24 17:54 - 394590336 _____ C:\Users\Janka\Downloads\zasilka-ZO8XH9P9I9E5KN4X (1).zip
2020-06-24 16:46 - 2020-06-24 16:46 - 005769216 _____ C:\Users\Janka\Downloads\India_-_Červená_pevnost.pps
2020-06-24 16:32 - 2020-06-24 16:33 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK).pps
2020-06-24 16:32 - 2020-06-24 16:33 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK) (1).pps
2020-06-24 16:26 - 2020-06-24 16:26 - 005355520 _____ C:\Users\Janka\Downloads\Decouverte-des-fonds-marins.pps
2020-06-23 19:20 - 2020-06-23 19:33 - 394590336 _____ C:\Users\Janka\Downloads\zasilka-ZO8XH9P9I9E5KN4X.zip
2020-06-23 19:20 - 2020-06-23 19:24 - 087495390 _____ C:\Users\Janka\Downloads\VID_20200622_102238.mp4
2020-06-23 19:16 - 2020-06-23 19:19 - 080192761 _____ C:\Users\Janka\Downloads\VID_20200622_102629.mp4
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-23 14:51 - 2019-09-17 00:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-23 14:51 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-23 14:07 - 2018-05-08 17:02 - 000000000 ___RD C:\Users\Janka\Desktop\Bob
2020-07-23 08:30 - 2018-02-08 22:08 - 000000000 ___RD C:\Users\Janka\OneDrive
2020-07-23 08:15 - 2019-09-17 18:41 - 000000000 ____D C:\WINDOWS\Minidump
2020-07-23 08:15 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-07-23 08:15 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-23 07:34 - 2019-09-17 10:57 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-07-23 07:34 - 2019-09-17 02:17 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-07-23 06:53 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-23 06:53 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-23 06:42 - 2019-09-17 02:17 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2489188112-2961885803-1461791873-1001
2020-07-23 06:42 - 2019-09-17 00:35 - 000002415 _____ C:\Users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-21 07:51 - 2018-03-27 21:26 - 000000000 ____D C:\Users\Janka\AppData\Local\Packages
2020-07-20 09:52 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-07-20 05:13 - 2019-09-17 00:56 - 000005810 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-20 05:13 - 2019-03-19 13:55 - 004832042 _____ C:\WINDOWS\system32\perfh005.dat
2020-07-20 05:13 - 2019-03-19 13:55 - 001368442 _____ C:\WINDOWS\system32\perfc005.dat
2020-07-20 05:06 - 2019-09-17 02:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-19 08:38 - 2019-09-17 00:35 - 000000000 ____D C:\Users\Janka
2020-07-19 07:45 - 2020-04-17 08:16 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-07-19 07:45 - 2020-04-17 08:16 - 000002264 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-07-16 07:50 - 2019-06-07 18:14 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-07-16 07:50 - 2019-06-07 18:14 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-07-15 19:32 - 2020-04-17 08:09 - 000003582 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-07-15 19:32 - 2020-04-17 08:09 - 000003458 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-07-02 08:19 - 2017-03-07 13:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-07-02 05:06 - 2018-03-24 15:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ========
2018-03-28 18:59 - 2020-02-25 19:37 - 000005632 _____ () C:\Users\Janka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-12-20 09:11 - 2019-12-20 09:11 - 000000017 _____ () C:\Users\Janka\AppData\Local\resmon.resmoncfg
2020-03-11 21:28 - 2020-03-11 21:28 - 000000000 _____ () C:\Users\Janka\AppData\Local\{03336C97-095F-4E6E-BA09-F964BA517C67}
2020-02-15 13:11 - 2020-02-15 13:11 - 000000000 _____ () C:\Users\Janka\AppData\Local\{436FDBE4-8511-497A-BF79-D02305EBB00B}
2020-03-11 21:28 - 2020-03-11 21:28 - 000000000 _____ () C:\Users\Janka\AppData\Local\{DACD2F71-0E45-4B0B-BAAC-2E87C1F09DF9}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
FireFox:
========
FF DefaultProfile: ttszok0e.default
FF ProfilePath: C:\Users\Janka\AppData\Roaming\Mozilla\Firefox\Profiles\ttszok0e.default [2020-07-23]
FF Homepage: Mozilla\Firefox\Profiles\ttszok0e.default -> hxxps://www.seznam.cz/
FF Notifications: Mozilla\Firefox\Profiles\ttszok0e.default -> hxxps://novaplus.nova.cz
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-13] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Janka\AppData\Local\Google\Chrome\User Data\Default [2019-12-15]
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Extension: (Prezentace) - C:\Users\Janka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-06-07]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Janka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-07]
CHR Extension: (Chrome Media Router) - C:\Users\Janka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-17]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [295832 2016-12-23] (Advanced Micro Devices, Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10574728 2020-06-23] (Microsoft Corporation -> Microsoft Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [276616 2018-03-14] (Synaptics Incorporated -> Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-07-02] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0309839.inf_amd64_168acb088d48fafb\atikmdag.sys [26587656 2016-12-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0309839.inf_amd64_168acb088d48fafb\atikmpag.sys [527256 2016-12-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [87840 2016-12-23] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 amdpsp; C:\WINDOWS\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-17] (Microsoft Corporation) [File not signed]
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2019-12-14] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-06-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [224408 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73584 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-12-14] (Malwarebytes Corporation -> Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [116112 2019-08-10] (Malwarebytes Corporation -> Malwarebytes)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3150344 2016-10-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [162960 2018-04-26] (Disc Soft Ltd -> Duplex Secure Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45976 2020-07-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [408816 2020-07-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64224 2020-07-02] (Microsoft Windows -> Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] (CyberLink -> "CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-23 14:59 - 2020-07-23 15:02 - 000014579 _____ C:\Users\Janka\Downloads\FRST.txt
2020-07-23 14:59 - 2020-07-23 15:01 - 000000000 ____D C:\FRST
2020-07-23 14:56 - 2020-07-23 14:58 - 002293760 _____ (Farbar) C:\Users\Janka\Downloads\FRST64.exe
2020-07-23 14:03 - 2020-07-23 14:05 - 000000000 ____D C:\AdwCleaner
2020-07-23 14:02 - 2020-07-23 14:02 - 008420016 _____ (Malwarebytes) C:\Users\Janka\Downloads\adwcleaner_8.0.6.exe
2020-07-23 08:30 - 2020-07-23 08:30 - 000000000 ___HD C:\OneDriveTemp
2020-07-23 07:31 - 2020-07-23 07:32 - 028064096 _____ (Piriform Software Ltd) C:\Users\Janka\Downloads\ccsetup569.exe
2020-07-20 18:23 - 2020-07-20 18:23 - 004824576 _____ C:\Users\Janka\Downloads\Celej_tatik_HH (1).pps
2020-07-20 18:21 - 2020-07-20 18:21 - 004824576 _____ C:\Users\Janka\Downloads\Celej_tatik_HH.pps
2020-07-20 09:45 - 2020-07-20 09:45 - 002274465 _____ C:\Users\Janka\Downloads\Trhlina_ve_dzbanu.pptx
2020-07-20 05:32 - 2020-07-20 05:32 - 001566208 _____ C:\Users\Janka\Downloads\Bohu_se_nesmi_posmivat.pps
2020-07-19 08:32 - 2020-07-19 08:32 - 004154880 _____ C:\Users\Janka\Downloads\BlueTrain-Africa.pps
2020-07-19 08:20 - 2020-07-19 08:20 - 000423424 _____ C:\Users\Janka\Downloads\Rasizmus__HP_1.pps
2020-07-19 08:15 - 2020-07-19 08:15 - 004258304 _____ C:\Users\Janka\Downloads\Čínské_Tesco (2).pps
2020-07-19 08:15 - 2020-07-19 08:15 - 004258304 _____ C:\Users\Janka\Downloads\Čínské_Tesco (1).pps
2020-07-18 20:09 - 2020-07-18 20:09 - 004258304 _____ C:\Users\Janka\Downloads\Čínské_Tesco.pps
2020-07-16 18:55 - 2020-07-16 18:55 - 007267328 _____ C:\Users\Janka\Downloads\VodopaÌdy_IguazuÌ.pps
2020-07-16 18:55 - 2020-07-16 18:55 - 007267328 _____ C:\Users\Janka\Downloads\VodopaÌdy_IguazuÌ (1).pps
2020-07-16 06:02 - 2020-06-30 06:32 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2020-07-16 06:02 - 2020-06-30 06:26 - 000492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2020-07-15 18:33 - 2020-07-15 18:33 - 000000000 __SHD C:\found.004
2020-07-15 18:12 - 2020-07-15 18:12 - 000000000 __SHD C:\found.003
2020-07-14 07:23 - 2020-07-14 07:24 - 006170624 _____ C:\Users\Janka\Downloads\Krkonose_2011.pps
2020-07-13 18:58 - 2020-07-13 18:59 - 006819328 _____ C:\Users\Janka\Downloads\IN_MEMORIAM_-_Hroby_slavných.pps
2020-07-10 18:32 - 2020-07-10 18:32 - 007130624 _____ C:\Users\Janka\Downloads\Tam_ve_vysce.pps
2020-07-10 18:31 - 2020-07-10 18:31 - 000000178 _____ C:\Users\Janka\Downloads\ATT00010.html
2020-07-09 18:01 - 2020-07-09 18:02 - 007861248 _____ C:\Users\Janka\Downloads\Holandská_pohádka.pps
2020-07-08 17:26 - 2020-07-08 17:26 - 000903168 _____ C:\Users\Janka\Downloads\Krkonose (2).pps
2020-07-08 17:25 - 2020-07-08 17:25 - 000903168 _____ C:\Users\Janka\Downloads\Krkonose (1).pps
2020-07-08 17:24 - 2020-07-08 17:24 - 000903168 _____ C:\Users\Janka\Downloads\Krkonose.pps
2020-07-08 17:24 - 2020-07-08 17:24 - 000000091 ____H C:\Users\Janka\Downloads\.~lock.Krkonose.pps#
2020-07-08 15:43 - 2020-07-08 15:43 - 011330560 _____ C:\Users\Janka\Downloads\G_570_FRANCIA_PROFUNDA.pps
2020-07-08 15:41 - 2020-07-08 15:41 - 006701056 _____ C:\Users\Janka\Downloads\Tombe_la_neige-_Adamo.pps
2020-07-08 15:33 - 2020-07-08 15:34 - 006160896 _____ C:\Users\Janka\Downloads\Kapky_deste (1).pps
2020-07-08 15:28 - 2020-07-08 15:29 - 016346450 _____ C:\Users\Janka\Downloads\Krasy_Tatier_ (4).ppsx
2020-07-07 18:32 - 2020-07-07 18:33 - 001838592 _____ C:\Users\Janka\Downloads\MMF.pps
2020-07-06 05:51 - 2020-07-06 05:51 - 003784704 _____ C:\Users\Janka\Downloads\C_260_La_vile_souterraine1111-2111.pps
2020-07-05 16:13 - 2020-07-05 16:14 - 000278016 _____ C:\Users\Janka\Downloads\Úžasný_obrázek_z_Burmy.pps
2020-07-03 18:33 - 2020-07-03 18:33 - 001617920 _____ C:\Users\Janka\Downloads\Děsivé_svědectví_z_Řecka.pps
2020-07-03 18:33 - 2020-07-03 18:33 - 001617920 _____ C:\Users\Janka\Downloads\Děsivé_svědectví_z_Řecka (1).pps
2020-07-03 17:48 - 2020-07-03 17:48 - 005790720 _____ C:\Users\Janka\Downloads\444_novell__basilica_de_san_marcos1.pps
2020-07-03 17:33 - 2020-07-03 17:33 - 004511744 _____ C:\Users\Janka\Downloads\Samobarvící_fotografie-nádhera1.pps
2020-07-03 17:27 - 2020-07-03 17:28 - 008308224 _____ C:\Users\Janka\Downloads\Nádherné_fotky_letošního_roku (1).pps
2020-07-03 17:26 - 2020-07-03 17:26 - 008308224 _____ C:\Users\Janka\Downloads\Nádherné_fotky_letošního_roku.pps
2020-07-02 07:12 - 2020-07-02 07:12 - 000000000 __SHD C:\found.002
2020-07-01 09:31 - 2020-07-01 09:32 - 005167104 _____ C:\Users\Janka\Downloads\Sila_umeni_-_Art.pps
2020-06-29 19:04 - 2020-06-29 19:05 - 009746682 _____ C:\Users\Janka\Downloads\Video_1 (3).mov
2020-06-29 19:03 - 2020-06-29 19:03 - 009746682 _____ C:\Users\Janka\Downloads\Video_1 (2).mov
2020-06-29 18:59 - 2020-06-29 19:00 - 009746682 _____ C:\Users\Janka\Downloads\Video_1 (1).mov
2020-06-29 18:57 - 2020-06-29 18:58 - 008153429 _____ C:\Users\Janka\Downloads\Video (7).mov
2020-06-29 18:37 - 2020-06-29 18:37 - 008153429 _____ C:\Users\Janka\Downloads\Video (6).mov
2020-06-28 19:04 - 2020-06-28 19:05 - 007312384 _____ C:\Users\Janka\Downloads\Air_Force_One_of_Vladimir_Putin.pps
2020-06-28 19:03 - 2020-06-28 19:04 - 004765184 _____ C:\Users\Janka\Downloads\Letadlo_Donalda_Trumpa.pps
2020-06-28 18:40 - 2020-06-28 18:41 - 001932288 _____ C:\Users\Janka\Downloads\TigerW (2).pps
2020-06-25 20:02 - 2020-06-25 20:02 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK) (4).pps
2020-06-25 19:55 - 2020-06-25 19:55 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK) (3).pps
2020-06-25 19:55 - 2020-06-25 19:55 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK) (2).pps
2020-06-24 18:11 - 2020-06-24 18:11 - 009746682 _____ C:\Users\Janka\Downloads\Video_1.mov
2020-06-24 18:08 - 2020-06-24 18:08 - 008153429 _____ C:\Users\Janka\Downloads\Video (5).mov
2020-06-24 18:07 - 2020-06-24 18:08 - 008153429 _____ C:\Users\Janka\Downloads\Video (4).mov
2020-06-24 17:43 - 2020-06-24 17:54 - 394590336 _____ C:\Users\Janka\Downloads\zasilka-ZO8XH9P9I9E5KN4X (1).zip
2020-06-24 16:46 - 2020-06-24 16:46 - 005769216 _____ C:\Users\Janka\Downloads\India_-_Červená_pevnost.pps
2020-06-24 16:32 - 2020-06-24 16:33 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK).pps
2020-06-24 16:32 - 2020-06-24 16:33 - 004273664 _____ C:\Users\Janka\Downloads\Krasy_Madeiry__(ZVUK) (1).pps
2020-06-24 16:26 - 2020-06-24 16:26 - 005355520 _____ C:\Users\Janka\Downloads\Decouverte-des-fonds-marins.pps
2020-06-23 19:20 - 2020-06-23 19:33 - 394590336 _____ C:\Users\Janka\Downloads\zasilka-ZO8XH9P9I9E5KN4X.zip
2020-06-23 19:20 - 2020-06-23 19:24 - 087495390 _____ C:\Users\Janka\Downloads\VID_20200622_102238.mp4
2020-06-23 19:16 - 2020-06-23 19:19 - 080192761 _____ C:\Users\Janka\Downloads\VID_20200622_102629.mp4
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-07-23 14:51 - 2019-09-17 00:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-07-23 14:51 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-07-23 14:07 - 2018-05-08 17:02 - 000000000 ___RD C:\Users\Janka\Desktop\Bob
2020-07-23 08:30 - 2018-02-08 22:08 - 000000000 ___RD C:\Users\Janka\OneDrive
2020-07-23 08:15 - 2019-09-17 18:41 - 000000000 ____D C:\WINDOWS\Minidump
2020-07-23 08:15 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-07-23 08:15 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-07-23 07:34 - 2019-09-17 10:57 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2020-07-23 07:34 - 2019-09-17 02:17 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2020-07-23 06:53 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-07-23 06:53 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-07-23 06:42 - 2019-09-17 02:17 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2489188112-2961885803-1461791873-1001
2020-07-23 06:42 - 2019-09-17 00:35 - 000002415 _____ C:\Users\Janka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-07-21 07:51 - 2018-03-27 21:26 - 000000000 ____D C:\Users\Janka\AppData\Local\Packages
2020-07-20 09:52 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-07-20 05:13 - 2019-09-17 00:56 - 000005810 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-07-20 05:13 - 2019-03-19 13:55 - 004832042 _____ C:\WINDOWS\system32\perfh005.dat
2020-07-20 05:13 - 2019-03-19 13:55 - 001368442 _____ C:\WINDOWS\system32\perfc005.dat
2020-07-20 05:06 - 2019-09-17 02:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-07-19 08:38 - 2019-09-17 00:35 - 000000000 ____D C:\Users\Janka
2020-07-19 07:45 - 2020-04-17 08:16 - 000002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-07-19 07:45 - 2020-04-17 08:16 - 000002264 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-07-16 07:50 - 2019-06-07 18:14 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-07-16 07:50 - 2019-06-07 18:14 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-07-15 19:32 - 2020-04-17 08:09 - 000003582 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-07-15 19:32 - 2020-04-17 08:09 - 000003458 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-07-02 08:19 - 2017-03-07 13:41 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-07-02 05:06 - 2018-03-24 15:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
==================== Files in the root of some directories ========
2018-03-28 18:59 - 2020-02-25 19:37 - 000005632 _____ () C:\Users\Janka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2019-12-20 09:11 - 2019-12-20 09:11 - 000000017 _____ () C:\Users\Janka\AppData\Local\resmon.resmoncfg
2020-03-11 21:28 - 2020-03-11 21:28 - 000000000 _____ () C:\Users\Janka\AppData\Local\{03336C97-095F-4E6E-BA09-F964BA517C67}
2020-02-15 13:11 - 2020-02-15 13:11 - 000000000 _____ () C:\Users\Janka\AppData\Local\{436FDBE4-8511-497A-BF79-D02305EBB00B}
2020-03-11 21:28 - 2020-03-11 21:28 - 000000000 _____ () C:\Users\Janka\AppData\Local\{DACD2F71-0E45-4B0B-BAAC-2E87C1F09DF9}
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================