
FRST log check

Posted: 29 Jun 2019 14:38
by michi_trung
Hello,
I would like to have my logs checked. For the past week, my computer has been randomly disconnecting from the internet for 1-3 seconds and then reconnecting. It happens regularly every 1-3 hours. I had two PCs connected via Ethernet, and the outage occurs only on my computer.

FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
Ran by micha (administrator) on DESKTOP-D6F6QG1 (Micro-Star International Co., Ltd MS-7A34) (29-06-2019 15:26:36)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Platform: Windows 10 Pro Version 1809 17763.557 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19061.410.0_x64__8wekyb3d8bbwe\YourPhone.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9063712 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe [1150648 2017-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [f.lux] => C:\Users\micha\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [25386912 2019-06-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [Vivaldi Update Notifier] => "C:\Users\micha\AppData\Local\Vivaldi\Application\update_notifier.exe"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\MountPoints2: {40419117-8b9d-11e9-9125-309c230e2015} - "F:\startme.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\Installer\chrmstp.exe [2019-06-27] (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0423729D-EBEA-48DA-824B-5CDB6CFD0E9F} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [661240 2018-08-02] (Advanced Micro Devices Inc. -> )
Task: {1B21FDF9-EB67-41DD-9615-E51573AC92BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C04DCD6-A19D-40CB-B139-4720C5400A7F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572808 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20254801-F25B-406C-90C0-DC4922917D69} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {301571E8-0A1C-49BD-8CDC-DC948D864F9A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724680 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31CCFE3A-F4DA-49A5-B5D7-66A5F03F0282} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-38818341-3388588964-4190228223-1001 => C:\Users\micha\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-20] (Mega Limited -> Mega Limited)
Task: {3ECCC203-D7BE-4DF3-98C2-29F68878AA19} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
Task: {43218A25-38E1-498B-A890-DB4F3AB60B88} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {45A3053C-ED25-4DFB-A0F4-B5908F51AB29} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B55F0F1-1C55-47A2-BB12-B25EB8ED5D6D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F6474DD-2C9E-419B-89F2-1C88E42E6943} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {528CC7FC-CA4B-4E4F-A869-665422BAF44E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702856 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5DF08315-B107-4A7A-BE58-4B03DAC38A00} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [332912 2018-11-07] (NZXT -> )
Task: {5E886EC2-98A6-4C9A-8ACE-9ACFDDDEBC86} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {635545C6-4B85-46B6-B5F5-8D4D8566B528} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {7968D3E2-AB37-4ACE-83A2-BA245CAC40CE} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {8D22E1DE-283F-497F-85A6-B1E876A8985B} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {A03783BC-34FD-4312-83EB-1E39A45FFCB1} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A38B9AA8-F4F0-47D9-B871-9DAAE24BBC89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16467424 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AF1CBB6A-76C4-4DC6-B248-31E5FD78D0ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-24] (Google Inc -> Google Inc.)
Task: {AFF61958-49D7-45A1-9D3B-E5BF18B00583} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF90CE64-B666-4638-95DC-7A1E1FBEA937} - System32\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {C77E751A-91A0-46AE-882D-9E43CC7709F2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D03E1B6E-F5EF-4333-9923-952327330BD0} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3353784 2018-07-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {D047D3FD-F387-4FBF-8474-9D7B20531655} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-24] (Google Inc -> Google Inc.)
Task: {D466CC99-FA00-428B-B1E4-9EC680E55993} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {D63472F2-C507-40E8-970E-A17A3E84885E} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)
Task: {D9F39606-E84C-4A8F-B944-9FA047205ED3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {E5A43161-891D-4890-BB61-081DB2C50C83} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2179145-EA09-4F98-A265-1FCCDD7F293C} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F84E7356-A3BC-4911-95F7-9AE1613EF967} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
Task: C:\Windows\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{0440be48-4edf-4eba-964c-9eecfd98950a}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{56db64ee-b847-4229-ba2e-fb8c18985a54}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: qqp4w2aq.default
FF ProfilePath: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default [2019-06-29]
FF Extension: (Avast Passwords) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-12-15] [UpdateUrl:hxxps://pamcdn.avast.com/pamcdn/extensions/firefox/update.json]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\sp@avast.com.xpi [2018-12-19]
FF Extension: (uBlock Origin) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\uBlock0@raymondhill.net.xpi [2018-12-16]
FF Extension: (Avast Online Security) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\wrc@avast.com.xpi [2018-06-24]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2019-06-29]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-24]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-24]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-24]
CHR Extension: (uBlock Origin) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-06-21]
CHR Extension: (Avast Passwords) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2019-05-15]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Avast Online Security) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-06]
CHR Extension: (Heap Poznámka) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpiejadkdojdbfgfocaoahhbepnlpph [2018-06-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-24]
CHR Extension: (Material Simple Dark Grey) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2019-05-15]
CHR Extension: (Click&Clean App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2019-06-23]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\elevation_service.exe [978720 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2018-03-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-05-07] (Logitech Inc -> Logitech Inc.)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343608 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507960 2018-11-30] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2742968 2018-08-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2191032 2018-12-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SWGVCSvc; C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe [325632 2017-04-28] (SonicWall Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-05-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34568 2019-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriverV13; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [71152 2018-11-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169112 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030992 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387392 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [327976 2015-10-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34496 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30416 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2018-10-24] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc -> Logitech Inc.)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edcffbdd101bbe5b\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1122200 2018-08-30] (Realtek Semiconductor Corp. -> Realtek )
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-02-03] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-29 15:26 - 2019-06-29 15:27 - 000032570 _____ C:\Users\micha\Desktop\FRST.txt
2019-06-29 15:25 - 2019-06-29 15:25 - 002418688 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2019-06-29 14:29 - 2019-06-29 14:29 - 000000000 ____D C:\Windows\pss
2019-06-29 14:12 - 2019-06-29 14:47 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-06-29 14:11 - 2019-06-29 14:19 - 000498890 _____ C:\Windows\ntbtlog.txt
2019-06-29 02:46 - 2019-06-29 02:46 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-29 02:46 - 2019-06-29 02:46 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-29 02:46 - 2019-06-29 02:46 - 000169112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-24 00:28 - 2019-06-24 00:28 - 002622054 _____ C:\Users\micha\Documents\Untitled 1.bmp
2019-06-21 10:05 - 2019-06-21 10:05 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2019-06-21 10:05 - 2019-06-21 10:05 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2019-06-20 11:48 - 2019-06-20 11:48 - 000000000 ____D C:\Program Files\UNP
2019-06-17 23:40 - 2019-06-17 23:40 - 000287204 _____ C:\Users\micha\Downloads\video-1558264822.mp4
2019-06-17 23:40 - 2019-06-17 23:40 - 000199449 _____ C:\Users\micha\Downloads\video-1557745420.mp4
2019-06-17 23:40 - 2019-06-17 23:40 - 000129305 _____ C:\Users\micha\Downloads\video-1559137326.mp4
2019-06-17 23:39 - 2019-06-17 23:39 - 000390979 _____ C:\Users\micha\Downloads\video-1558546587.mp4
2019-06-17 20:15 - 2019-06-17 20:15 - 000105486 _____ C:\Users\micha\Downloads\ticket-ID0B6B.pdf
2019-06-13 21:41 - 2019-06-13 21:41 - 000000022 _____ C:\Users\micha\Downloads\MEGA-RECOVERYKEY.txt
2019-06-12 18:34 - 2019-06-12 18:34 - 001993528 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\Users\micha\Documents\Sony
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\Users\micha\AppData\Roaming\Apple Computer
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-06-11 23:35 - 2019-06-11 23:35 - 050616672 _____ (Sony) C:\Users\micha\AppData\Local\pcc.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 026808320 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 023438336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 022114960 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 020816384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 018999296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 012869120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 012162048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 007875072 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006547144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006309256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006068224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 005588184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 005210904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004997096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004883968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004661760 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 003906560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 003385344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003363640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 003091968 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002926096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002653696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002422272 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002323696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002085168 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001929216 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001903616 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001670840 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001466496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001331536 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 001229824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 001223168 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001219424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryPS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001098136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001054712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 001048592 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000863544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000773632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000752144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000730592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000676048 _____ (Microsoft Corporation) C:\Windows\system32\StateRepository.Core.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000651576 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000604344 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000553664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000540720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000513904 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000506192 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\DDDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000474936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-06-11 19:24 - 2019-06-11 19:24 - 000462136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\SDDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000419368 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000398208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000389120 _____ (Microsoft Corporation) C:\Windows\system32\BingASDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000386576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000362496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\JpnServiceDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\FilterDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000152896 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000137056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000122680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000101176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\BingFilterDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000087864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000080400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryCore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-06-06 22:08 - 2019-06-06 22:09 - 000000000 ____D C:\Users\micha\Documents\istqb
2019-06-06 22:08 - 2019-06-06 22:08 - 001491527 _____ C:\Users\micha\Downloads\fwfewpapers.zip
2019-06-02 18:49 - 2019-06-02 20:28 - 000583179 _____ C:\Users\micha\Documents\checkcheck.csv
2019-06-01 21:38 - 2019-06-01 21:38 - 000001114 _____ C:\Users\micha\Desktop\StarTrinity CST.lnk
2019-06-01 21:38 - 2019-06-01 21:38 - 000001100 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarTrinity CST.lnk
2019-06-01 21:38 - 2019-06-01 21:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\StarTrinity CST
2019-06-01 20:40 - 2019-06-01 20:40 - 000000000 ____D C:\Users\micha\Downloads\startrinity_cst
2019-06-01 20:38 - 2019-06-01 20:38 - 001560001 _____ C:\Users\micha\Downloads\startrinity_cst.zip

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-29 15:26 - 2018-12-28 18:15 - 000000000 ____D C:\FRST
2019-06-29 15:24 - 2018-09-23 13:03 - 000000000 ____D C:\Users\micha\AppData\Local\Spotify
2019-06-29 15:24 - 2018-06-24 21:23 - 000000000 ____D C:\Users\micha\AppData\Local\AVAST Software
2019-06-29 15:21 - 2018-06-24 21:23 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-29 15:19 - 2018-12-20 22:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-29 15:19 - 2018-09-23 13:03 - 000000000 ____D C:\Users\micha\AppData\Roaming\Spotify
2019-06-29 15:19 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-29 15:18 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-06-29 14:46 - 2019-02-14 23:18 - 000745808 _____ C:\Windows\system32\perfh005.dat
2019-06-29 14:46 - 2019-02-14 23:18 - 000160320 _____ C:\Windows\system32\perfc005.dat
2019-06-29 14:46 - 2018-12-20 22:26 - 001834764 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-29 14:46 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-06-29 14:10 - 2018-08-05 15:58 - 000000420 _____ C:\Windows\Tasks\update-sys.job
2019-06-29 14:10 - 2018-08-05 15:58 - 000000420 _____ C:\Windows\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001.job
2019-06-29 14:09 - 2018-08-20 12:27 - 000000000 ____D C:\Users\micha\AppData\Roaming\uTorrent
2019-06-29 14:09 - 2018-06-24 21:55 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2019-06-29 12:26 - 2019-02-21 20:48 - 000003194 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-06-29 12:26 - 2019-02-21 20:48 - 000002234 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-06-29 12:26 - 2019-01-26 11:25 - 000002580 _____ C:\Windows\System32\Tasks\CAM.Desktop
2019-06-29 12:26 - 2019-01-26 11:15 - 000002582 _____ C:\Windows\System32\Tasks\AMDAutoUpdate
2019-06-29 12:26 - 2019-01-04 06:27 - 000002280 _____ C:\Windows\System32\Tasks\MSIGH_Host
2019-06-29 12:26 - 2018-12-20 22:24 - 000002854 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-38818341-3388588964-4190228223-1001
2019-06-29 12:26 - 2018-12-20 22:22 - 000003398 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-29 12:26 - 2018-12-20 22:22 - 000003196 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003152 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003122 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-29 12:26 - 2018-12-20 22:22 - 000003048 _____ C:\Windows\System32\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001
2019-06-29 12:26 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002984 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002956 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002914 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002838 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002800 _____ C:\Windows\System32\Tasks\update-sys
2019-06-29 12:26 - 2018-12-20 22:22 - 000002744 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002388 _____ C:\Windows\System32\Tasks\NahimicVRSvc64Run
2019-06-29 12:26 - 2018-12-20 22:22 - 000002380 _____ C:\Windows\System32\Tasks\NahimicVRSvc32Run
2019-06-29 12:26 - 2018-12-20 22:22 - 000002148 _____ C:\Windows\System32\Tasks\MSISW_Host
2019-06-29 12:26 - 2018-12-20 22:22 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-06-29 02:46 - 2019-02-18 00:40 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-06-29 02:46 - 2019-01-14 19:47 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-06-29 02:46 - 2018-12-20 22:22 - 000003990 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-29 02:46 - 2018-10-29 22:46 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-06-29 02:46 - 2018-09-15 09:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-06-29 02:46 - 2018-06-24 21:23 - 001030992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000387392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-06-28 23:58 - 2018-08-05 15:58 - 000000000 ____D C:\Users\micha\Documents\Lightshot
2019-06-28 23:34 - 2018-12-20 22:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-06-28 20:06 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-28 20:06 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-06-28 12:10 - 2019-05-08 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-06-27 19:40 - 2019-04-17 22:00 - 000003856 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-06-27 19:40 - 2019-04-17 22:00 - 000003272 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-06-27 19:40 - 2018-08-25 11:34 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-06-27 11:18 - 2018-06-24 21:22 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-26 19:01 - 2018-06-25 09:12 - 000000000 ____D C:\Users\Public\Logi
2019-06-26 13:14 - 2018-06-24 21:28 - 000000000 ____D C:\MSI
2019-06-24 13:47 - 2018-06-25 08:28 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2019-06-23 19:02 - 2018-08-08 22:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2019-06-23 12:24 - 2019-01-22 01:55 - 000000000 ____D C:\Users\micha\AppData\Roaming\Code
2019-06-22 15:23 - 2018-06-24 21:22 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-21 23:46 - 2019-05-18 23:13 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2019-06-20 11:47 - 2018-12-20 22:18 - 000002363 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-20 11:47 - 2018-06-24 21:19 - 000000000 ___RD C:\Users\micha\OneDrive
2019-06-18 09:04 - 2018-06-24 21:28 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-17 19:55 - 2018-06-24 21:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\Telegram Desktop
2019-06-17 11:48 - 2018-08-26 19:48 - 000000000 ____D C:\Users\micha\AppData\Roaming\WhatsApp
2019-06-17 11:48 - 2018-08-26 19:48 - 000000000 ____D C:\Users\micha\AppData\Local\WhatsApp
2019-06-13 21:48 - 2019-05-18 09:07 - 000000000 ___HD C:\Users\micha\Documents\ASP.core.sys
2019-06-12 18:34 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-06-12 18:32 - 2018-06-24 21:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 18:32 - 2018-06-24 21:18 - 000000000 ___RD C:\Users\micha\3D Objects
2019-06-12 18:31 - 2018-12-20 22:17 - 000258168 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-12 00:36 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\migwiz
2019-06-12 00:36 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-06-12 00:01 - 2019-05-21 22:55 - 000000000 ____D C:\Users\micha\Documents\angelvoice
2019-06-11 19:21 - 2018-06-24 23:01 - 000000000 ____D C:\Windows\system32\MRT
2019-06-11 19:19 - 2018-06-24 23:01 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-06-10 00:45 - 2018-12-20 22:18 - 000000000 ____D C:\Users\micha
2019-06-02 21:11 - 2018-06-24 21:18 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2019-06-02 20:47 - 2018-06-24 21:19 - 000000000 ____D C:\Users\micha\AppData\Local\PlaceholderTileLogoFolder
2019-06-02 20:44 - 2018-07-10 19:07 - 000000000 ____D C:\ProgramData\Packages
2019-06-02 18:30 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\NDF
2019-05-31 20:03 - 2018-09-15 09:36 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-31 20:03 - 2018-09-15 09:36 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories ================

2018-08-16 12:57 - 2019-01-06 17:18 - 000001456 _____ () C:\Users\micha\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-06-11 23:35 - 2019-06-11 23:35 - 050616672 _____ (Sony) C:\Users\micha\AppData\Local\pcc.exe
2018-12-21 09:44 - 2018-12-21 09:44 - 000007605 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg
2018-08-05 15:58 - 2018-08-05 15:58 - 000000003 _____ () C:\Users\micha\AppData\Local\updater.log
2018-08-05 15:58 - 2018-08-05 15:58 - 000000425 _____ () C:\Users\micha\AppData\Local\UserProducts.xml

==================== FLock ================

2018-06-24 21:14 C:\Windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by micha (29-06-2019 15:27:22)
Running from C:\Users\micha\Desktop
Windows 10 Pro Version 1809 17763.557 (X64) (2018-12-20 20:22:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-38818341-3388588964-4190228223-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-38818341-3388588964-4190228223-503 - Limited - Disabled)
Guest (S-1-5-21-38818341-3388588964-4190228223-501 - Limited - Disabled)
micha (S-1-5-21-38818341-3388588964-4190228223-1001 - Administrator - Enabled) => C:\Users\micha
WDAGUtilityAccount (S-1-5-21-38818341-3388588964-4190228223-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 1.5.3.0902 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{716F53C3-0B3F-4FB7-9AD7-9BC7DB7134A1}) (Version: 1.4.0.0659 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{6D8108E5-FBDD-4547-9C04-B052336E4046}) (Version: 1.0.19 - Nahimic) Hidden
Atom (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\atom) (Version: 1.34.0 - GitHub Inc.)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{A6A8AE0B-30CC-4641-8BE4-8A70E44A2448}) (Version: 1.0.1901 - Nahimic) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 75.0.1447.81 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Backup and Sync from Google (HKLM\...\{510D7DF1-732A-4E0D-9FE7-0BCBB9481A2F}) (Version: 3.44.5504.6203 - Google, Inc.)
Blender (HKLM\...\{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 - Blender Foundation)
BOINC (HKLM\...\{96E0C65F-95D1-437B-80D7-5A180AED06D8}) (Version: 7.14.2 - Space Sciences Laboratory, U.C. Berkeley)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.73.1084 - AB Team, d.o.o.)
CAM (HKLM-x32\...\{8F17EBED-54B3-472E-B7CF-C53B6AF38FBD}) (Version: 3.7.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.54 - Piriform)
DBeaver 5.3.3 (HKLM\...\DBeaver) (Version: 5.3.3 - JKISS)
Discord (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.17 - NVIDIA Corporation) Hidden
EaseUS Partition Master 13.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EndpointMonitoring Install MSISetup (HKLM\...\{F1F90F23-6FFC-481E-B72A-B2D51C6DA257}) (Version: 1.0.1901 - Nahimic) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Flux) (Version: - f.lux Software LLC)
Global VPN Client (HKLM\...\{7D7ED176-EA00-4B2B-B421-AA19A451F650}) (Version: 4.10.2 - SonicWall)
Google Chrome (HKLM\...\{A5573283-D630-3900-8DCE-E463BDDB5E0E}) (Version: 75.0.3770.100 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Logitech Gaming Software 9.00 (HKLM\...\Logitech Gaming Software) (Version: 9.00.42 - Logitech Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft OneDrive (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26405 (HKLM-x32\...\{5b295ba9-ef89-4aeb-8acc-b61adb0b9b5f}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.33.1 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.87 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.83 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.50 - MSI)
Nahimic VR (HKLM-x32\...\{3d84610f-4cfb-4165-aa15-bb859bd0f0e3}) (Version: 1.0.19 - Nahimic)
NineEarsSettings Install Configurator (HKLM\...\{A909659E-FC98-4D8F-AC40-8C5344C86F7A}) (Version: 1.0.1901 - Nahimic) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.17 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
PhotoFiltre (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\PhotoFiltre) (Version: - )
ProductDaemon Install Setup (HKLM\...\{32D62D40-F8F6-408E-8F8C-6A6593E3ACE9}) (Version: 1.0.1901 - Nahimic) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Spotify (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Spotify) (Version: 1.1.9.383.g9f48828e - Spotify AB)
SSAudioDaemon Install MSISetup (HKLM\...\{F77EA0C2-B0EB-47C7-990D-EACA981D75E8}) (Version: 1.0.19 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.7.7 (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.7.7 - Telegram Messenger LLP)
TransMac version 12.3 (HKLM-x32\...\TransMac_is1) (Version: 12.3 - Acute Systems)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
WhatsApp (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-29] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-38818341-3388588964-4190228223-1001_Classes\CLSID\{E24715A6-33C2-41EF-827E-54C52CBFB9E4} -> [MEGAsync] => C:\Users\micha\Documents\MEGAsync [2018-08-18 17:42]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-25] (Google LLC -> Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-25] (Google LLC -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-04 06:27 - 2017-08-02 15:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\Gaming APP\LEDControl.dll
2019-01-04 06:22 - 2005-07-18 14:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2019-01-04 06:27 - 2015-06-23 17:41 - 000082432 _____ (Fintek) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2018-06-24 21:22 - 2018-04-30 14:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-04-28 11:37 - 2017-04-28 11:37 - 000099840 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWCommon.dll
2017-04-28 11:35 - 2017-04-28 11:35 - 000325632 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
2017-04-28 11:37 - 2017-04-28 11:37 - 000323072 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWIPHlp.dll
2019-01-04 06:27 - 2016-10-03 14:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-01-04 10:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-38818341-3388588964-4190228223-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "GammingApp"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CB72B931-33C0-4A1D-88F0-1F4E7374592C}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{E91B3F4A-A178-4395-ABFB-28EDF530A6E4}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{AAC7AC04-25A2-4EAE-A117-DBDAE351C17C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8A88AAAE-CFDF-4A79-BDF4-F7C6D71A49C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{1A96DC07-5900-41CB-A2AB-AAD364A3DF37}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{BD3E443F-6067-4620-A906-A0D5D309CEEC}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B79DE517-FFBD-4E7C-BC1C-4CE16FF8EC73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{5DFF9317-8609-408D-9683-9CD318BDB910}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{8BCA1821-E9ED-4B68-9DFA-37434ED7A4CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C45BC43D-79CC-41AF-BA8B-ED75601C7E2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D73EE1B-843E-4BF1-B7B1-67C18C722B71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [{BB920077-E310-4FEC-B708-FCA8EA2DBF06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [UDP Query User{39B8FF5A-E7F4-47D1-9076-9DA4F256A309}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7EF0060D-EFBE-4F26-AC4A-08CE3F5B8C97}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{8502B645-ED11-4794-BE19-C0DEE641E48A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{BB7A403B-0E47-4B5E-AAC1-1A78A47F7C1B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{52471536-226B-479E-8399-C315B5C9E0F2}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{673E21B2-4C90-4F11-9CBE-94D5D846E37F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{7609A11D-5F8D-4083-B4CE-E9D1485E0056}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe () [File not signed]
FirewallRules: [{ACD2B5AC-FAA4-4E40-A4CA-EE52CE923021}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe () [File not signed]
FirewallRules: [{B2030520-29D7-4AFB-8F50-CF25011DE8AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7CDBC504-A58D-4984-9D79-AD25DE230488}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{2BCBCE19-2DF0-46C4-8910-ED90D3930CDF}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{7648F28F-0355-4E3C-9149-8F74557AA55F}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C9DE8735-C730-4D2C-9E9E-E9F89E8388F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{670681E0-18C1-4E98-BA12-1CE06556D51E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2066B1A2-04D7-492B-8C35-5BAAC95FBE16}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{A765A1A3-9A3A-4B8B-B292-301B33BC381E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{4DF2D7B1-7659-4B85-8FB3-C8C8446F6572}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{35655605-834F-450A-B196-A2091562EF4E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A0075545-70D6-4981-A3D0-52335E314612}] => (Allow) LPort=38518
FirewallRules: [{D5B3C128-E696-4ADA-936A-0CC76D7BFD96}] => (Allow) LPort=9142
FirewallRules: [TCP Query User{FCAA088D-DE82-427C-9774-673EECB428B2}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe (NZXT -> )
FirewallRules: [UDP Query User{A1D26C14-29C2-4144-854F-2B22DAF317D7}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe (NZXT -> )
FirewallRules: [{9ED571AC-5D8B-471D-8C8D-C16EA90F8818}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F1A5A2D5-B0F6-4068-B7E0-0E779B3FD97B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{06CC4099-7916-47C4-9123-F56D5C0966B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A07A5566-D72C-4E5E-8A89-2B9EDED20ADE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{CD8C3CCE-63BE-4AD9-8029-209888340686}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [UDP Query User{4EFC8FE2-F157-4AEC-9CCB-8E219A049006}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [TCP Query User{C13C79A3-FDFB-407E-97D3-643732752F0D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{0668304E-F515-44C9-8C5E-FF18403ECA9E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{B6743686-FC11-4590-A0A1-C01DC7B5034C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{951C24B6-E7B0-4763-A981-8BEA5168BE4A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{6C77F08E-8594-49F1-A573-079E56D30223}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{C374A54E-C232-4D4E-817E-FA25D05AA381}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{719819A3-DDA1-458F-85DD-535BEC2D0C15}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{25847B54-3887-4DC1-B723-3613F624F3D4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D4DF3D67-2BFA-4C51-8085-838E5DE9AC40}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{592A6E15-E35D-434B-823C-C97E2A345276}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [{C0CCA766-F567-4CF5-944C-6EBE295C7884}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{32C9CD54-9A84-4731-9E9D-48EB154C0524}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [TCP Query User{8358D2DB-A3D2-46EE-9610-6F4F3A82F25E}C:\users\micha\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\micha\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP -> Telegram Messenger LLP)
FirewallRules: [UDP Query User{4D6B89F4-29C2-4CD0-8C2F-6EDC5283E4A7}C:\users\micha\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\micha\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP -> Telegram Messenger LLP)
FirewallRules: [{1B3703AA-D7E5-4794-BA91-B3409BFBF578}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{949226C0-E56D-469E-82C5-971BEF2E3609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{AF87E0D2-0ABD-4A2E-B77D-C7B0C46FC74E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{3C102020-33E7-472F-9F94-F0157F0FC015}] => (Allow) LPort=26789
FirewallRules: [{CFD908BC-B718-4B11-B966-14FFD13B2F48}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2019 02:55:20 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2019 02:49:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2019 02:49:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2019 02:47:15 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2019 02:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrent.exe, version: 2.2.1.25534, time stamp: 0x4e4594ce
Faulting module name: GDI32.dll, version: 10.0.17763.1, time stamp: 0x1c1f7575
Exception code: 0xc000041d
Fault offset: 0x000060d7
Faulting process ID: 0x2a6c
Faulting application start time: 0x01d52e65cfaf5ed7
Faulting application path: C:\Users\micha\AppData\Roaming\uTorrent\utorrent.exe
Faulting module path: C:\Windows\System32\GDI32.dll
Report ID: 653baeb9-6a68-48bc-9fca-e0d8e86880ea
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2019 07:09:48 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (06/27/2019 09:08:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (06/27/2019 07:03:13 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).


System errors:
=============
Error: (06/29/2019 03:23:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-D6F6QG1\micha SID (S-1-5-21-38818341-3388588964-4190228223-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2019 03:20:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-D6F6QG1\micha SID (S-1-5-21-38818341-3388588964-4190228223-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2019 03:19:50 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-D6F6QG1\micha SID (S-1-5-21-38818341-3388588964-4190228223-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2019 03:18:43 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2019 03:18:36 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2019 03:17:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2019 03:13:46 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2019 03:07:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================

Date: 2019-06-29 15:19:20.744
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.742
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.737
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.736
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 14:23:39.048
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 14:23:39.045
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 14:23:39.038
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 14:23:39.037
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.H0 05/02/2018
Motherboard: Micro-Star International Co., Ltd B350 TOMAHAWK (MS-7A34)
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 16335.17 MB
Available physical RAM: 11813.33 MB
Total Virtual: 18767.17 MB
Available Virtual: 11778.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:316.64 GB) NTFS
Drive d: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:251.13 GB) NTFS
Drive e: () (Fixed) (Total:698.63 GB) (Free:315.57 GB) NTFS

\\?\Volume{a6fe17bf-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{1ab6e469-f0a9-494f-8ec7-6e1e9fac5df2}\ () (Fixed) (Total:0.5 GB) (Free:0.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 032C9658)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BCEBE8A2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 1AAF1E19)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=0F Extended)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A6FE17BF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Thanks

Re: FRST log check

Posted: 30 Jun 2019 03:29
by Conder
Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Leave all findings checked
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here

Re: FRST log check

Posted: 30 Jun 2019 18:43
by michi_trung
Hi,
here is the log
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-30-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 9
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files\Hola
Deleted C:\Users\micha\AppData\Roaming\Hola

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Hola
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted HKLM\Software\Hola
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|hola
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\Hola

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1833 octets] - [30/06/2019 19:39:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: FRST log check

Posted: 30 Jun 2019 21:06
by Conder
:arrow: Please post both new FRST logs.

Re: FRST log check

Posted: 01 Jul 2019 21:38
by michi_trung
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2019
Ran by micha (administrator) on DESKTOP-D6F6QG1 (Micro-Star International Co., Ltd MS-7A34) (01-07-2019 22:22:34)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Platform: Windows 10 Pro Version 1809 17763.557 (X64) Language: Angličtina (Spojené království)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19061.410.0_x64__8wekyb3d8bbwe\YourPhone.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9063712 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe [1150648 2017-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [f.lux] => C:\Users\micha\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [25386912 2019-06-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [Vivaldi Update Notifier] => "C:\Users\micha\AppData\Local\Vivaldi\Application\update_notifier.exe"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\MountPoints2: {40419117-8b9d-11e9-9125-309c230e2015} - "F:\startme.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\Installer\chrmstp.exe [2019-06-27] (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0423729D-EBEA-48DA-824B-5CDB6CFD0E9F} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [661240 2018-08-02] (Advanced Micro Devices Inc. -> )
Task: {1B21FDF9-EB67-41DD-9615-E51573AC92BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C04DCD6-A19D-40CB-B139-4720C5400A7F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572808 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20254801-F25B-406C-90C0-DC4922917D69} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {301571E8-0A1C-49BD-8CDC-DC948D864F9A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724680 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31CCFE3A-F4DA-49A5-B5D7-66A5F03F0282} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-38818341-3388588964-4190228223-1001 => C:\Users\micha\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-20] (Mega Limited -> Mega Limited)
Task: {3ECCC203-D7BE-4DF3-98C2-29F68878AA19} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
Task: {43218A25-38E1-498B-A890-DB4F3AB60B88} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {45A3053C-ED25-4DFB-A0F4-B5908F51AB29} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B55F0F1-1C55-47A2-BB12-B25EB8ED5D6D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F6474DD-2C9E-419B-89F2-1C88E42E6943} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {528CC7FC-CA4B-4E4F-A869-665422BAF44E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702856 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5DF08315-B107-4A7A-BE58-4B03DAC38A00} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [332912 2018-11-07] (NZXT -> )
Task: {5E886EC2-98A6-4C9A-8ACE-9ACFDDDEBC86} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {635545C6-4B85-46B6-B5F5-8D4D8566B528} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {7968D3E2-AB37-4ACE-83A2-BA245CAC40CE} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {8D22E1DE-283F-497F-85A6-B1E876A8985B} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {A03783BC-34FD-4312-83EB-1E39A45FFCB1} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A38B9AA8-F4F0-47D9-B871-9DAAE24BBC89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16467424 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AF1CBB6A-76C4-4DC6-B248-31E5FD78D0ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-24] (Google Inc -> Google Inc.)
Task: {AFF61958-49D7-45A1-9D3B-E5BF18B00583} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF90CE64-B666-4638-95DC-7A1E1FBEA937} - System32\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {C77E751A-91A0-46AE-882D-9E43CC7709F2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D03E1B6E-F5EF-4333-9923-952327330BD0} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3353784 2018-07-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {D047D3FD-F387-4FBF-8474-9D7B20531655} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-24] (Google Inc -> Google Inc.)
Task: {D466CC99-FA00-428B-B1E4-9EC680E55993} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {D63472F2-C507-40E8-970E-A17A3E84885E} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)
Task: {D9F39606-E84C-4A8F-B944-9FA047205ED3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {E5A43161-891D-4890-BB61-081DB2C50C83} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2179145-EA09-4F98-A265-1FCCDD7F293C} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F84E7356-A3BC-4911-95F7-9AE1613EF967} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
Task: C:\Windows\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{0440be48-4edf-4eba-964c-9eecfd98950a}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{56db64ee-b847-4229-ba2e-fb8c18985a54}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: qqp4w2aq.default
FF ProfilePath: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default [2019-06-29]
FF Extension: (Avast Passwords) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-12-15] [UpdateUrl:hxxps://pamcdn.avast.com/pamcdn/extensions/firefox/update.json]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\sp@avast.com.xpi [2018-12-19]
FF Extension: (uBlock Origin) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\uBlock0@raymondhill.net.xpi [2018-12-16]
FF Extension: (Avast Online Security) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\wrc@avast.com.xpi [2018-06-24]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2019-07-01]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-24]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-24]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-24]
CHR Extension: (uBlock Origin) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-06-21]
CHR Extension: (Avast Passwords) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2019-05-15]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-24]
CHR Extension: (Video Downloader PLUS) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2019-07-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Avast Online Security) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-01]
CHR Extension: (Heap Poznámka) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpiejadkdojdbfgfocaoahhbepnlpph [2018-06-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-24]
CHR Extension: (Material Simple Dark Grey) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2019-05-15]
CHR Extension: (Click&Clean App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2019-06-23]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\elevation_service.exe [978720 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2018-03-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-05-07] (Logitech Inc -> Logitech Inc.)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343608 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507960 2018-11-30] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2742968 2018-08-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2191032 2018-12-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SWGVCSvc; C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe [325632 2017-04-28] (SonicWall Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-05-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34568 2019-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriverV13; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [71152 2018-11-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169112 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030992 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387392 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [327976 2015-10-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34496 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30416 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2018-10-24] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc -> Logitech Inc.)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edcffbdd101bbe5b\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1122200 2018-08-30] (Realtek Semiconductor Corp. -> Realtek )
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-02-03] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-01 22:22 - 2019-07-01 22:22 - 000000000 ____D C:\Users\micha\Desktop\FRST-OlderVersion
2019-07-01 22:10 - 2019-07-01 22:10 - 001931083 _____ C:\Users\micha\Downloads\66335396_470674170175139_6748595248698102044_n.mp4
2019-06-30 19:39 - 2019-06-30 19:40 - 000000000 ____D C:\AdwCleaner
2019-06-30 19:38 - 2019-06-30 19:38 - 007025360 _____ (Malwarebytes) C:\Users\micha\Downloads\adwcleaner_7.3.exe
2019-06-29 15:36 - 2019-06-29 15:36 - 000000002 _____ C:\Users\micha\Desktop\wbinfesmiq.txt
2019-06-29 15:36 - 2019-06-29 15:36 - 000000002 _____ C:\Users\micha\Desktop\uhxqliytmgyhzag.txt
2019-06-29 15:36 - 2019-06-29 15:36 - 000000002 _____ C:\Users\micha\Desktop\dihvxttbczmhidxxb.txt
2019-06-29 15:35 - 2019-06-29 15:35 - 000000002 _____ C:\Users\micha\Desktop\qsbggapvnmukqmgxu.txt
2019-06-29 15:35 - 2019-06-29 15:35 - 000000002 _____ C:\Users\micha\Desktop\atejkcvqgdcnqd.txt
2019-06-29 15:27 - 2019-06-29 15:27 - 000043516 _____ C:\Users\micha\Desktop\Addition.txt
2019-06-29 15:26 - 2019-07-01 22:23 - 000030534 _____ C:\Users\micha\Desktop\FRST.txt
2019-06-29 15:25 - 2019-07-01 22:22 - 002419200 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2019-06-29 14:29 - 2019-06-29 14:29 - 000000000 ____D C:\Windows\pss
2019-06-29 14:12 - 2019-06-29 14:47 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-06-29 14:11 - 2019-06-29 14:19 - 000498890 _____ C:\Windows\ntbtlog.txt
2019-06-29 02:46 - 2019-06-29 02:46 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-29 02:46 - 2019-06-29 02:46 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-29 02:46 - 2019-06-29 02:46 - 000169112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-24 00:28 - 2019-06-24 00:28 - 002622054 _____ C:\Users\micha\Documents\Untitled 1.bmp
2019-06-21 10:05 - 2019-06-21 10:05 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2019-06-21 10:05 - 2019-06-21 10:05 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2019-06-20 11:48 - 2019-06-20 11:48 - 000000000 ____D C:\Program Files\UNP
2019-06-17 23:40 - 2019-06-17 23:40 - 000287204 _____ C:\Users\micha\Downloads\video-1558264822.mp4
2019-06-17 23:40 - 2019-06-17 23:40 - 000199449 _____ C:\Users\micha\Downloads\video-1557745420.mp4
2019-06-17 23:40 - 2019-06-17 23:40 - 000129305 _____ C:\Users\micha\Downloads\video-1559137326.mp4
2019-06-17 23:39 - 2019-06-17 23:39 - 000390979 _____ C:\Users\micha\Downloads\video-1558546587.mp4
2019-06-17 20:15 - 2019-06-17 20:15 - 000105486 _____ C:\Users\micha\Downloads\ticket-ID0B6B.pdf
2019-06-13 21:41 - 2019-06-13 21:41 - 000000022 _____ C:\Users\micha\Downloads\MEGA-RECOVERYKEY.txt
2019-06-12 18:34 - 2019-06-12 18:34 - 001993528 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\Users\micha\Documents\Sony
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\Users\micha\AppData\Roaming\Apple Computer
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-06-11 23:35 - 2019-06-11 23:35 - 050616672 _____ (Sony) C:\Users\micha\AppData\Local\pcc.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 026808320 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 023438336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 022114960 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 020816384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 018999296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 012869120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 012162048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 007875072 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006547144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006309256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006068224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 005588184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 005210904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004997096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004883968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004661760 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 003906560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 003385344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003363640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 003091968 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002926096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002653696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002422272 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002323696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002085168 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001929216 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001903616 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001670840 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001466496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001331536 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 001229824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 001223168 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001219424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryPS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001098136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001054712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 001048592 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000863544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000773632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000752144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000730592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000676048 _____ (Microsoft Corporation) C:\Windows\system32\StateRepository.Core.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000651576 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000604344 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000553664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000540720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000513904 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000506192 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\DDDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000474936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-06-11 19:24 - 2019-06-11 19:24 - 000462136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\SDDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000419368 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000398208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000389120 _____ (Microsoft Corporation) C:\Windows\system32\BingASDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000386576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000362496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\JpnServiceDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\FilterDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000152896 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000137056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000122680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000101176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\BingFilterDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000087864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000080400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryCore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-06-06 22:08 - 2019-06-06 22:09 - 000000000 ____D C:\Users\micha\Documents\istqb
2019-06-06 22:08 - 2019-06-06 22:08 - 001491527 _____ C:\Users\micha\Downloads\fwfewpapers.zip
2019-06-02 18:49 - 2019-06-02 20:28 - 000583179 _____ C:\Users\micha\Documents\checkcheck.csv
2019-06-01 21:38 - 2019-06-01 21:38 - 000001114 _____ C:\Users\micha\Desktop\StarTrinity CST.lnk
2019-06-01 21:38 - 2019-06-01 21:38 - 000001100 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarTrinity CST.lnk
2019-06-01 21:38 - 2019-06-01 21:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\StarTrinity CST
2019-06-01 20:40 - 2019-06-01 20:40 - 000000000 ____D C:\Users\micha\Downloads\startrinity_cst
2019-06-01 20:38 - 2019-06-01 20:38 - 001560001 _____ C:\Users\micha\Downloads\startrinity_cst.zip

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-01 22:22 - 2018-12-28 18:15 - 000000000 ____D C:\FRST
2019-07-01 22:21 - 2019-01-22 01:55 - 000000000 ____D C:\Users\micha\AppData\Roaming\Code
2019-07-01 22:20 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-01 22:16 - 2019-02-21 20:48 - 000003194 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-07-01 22:16 - 2019-02-21 20:48 - 000002234 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-07-01 22:16 - 2019-01-26 11:25 - 000002580 _____ C:\Windows\System32\Tasks\CAM.Desktop
2019-07-01 22:16 - 2019-01-26 11:15 - 000002582 _____ C:\Windows\System32\Tasks\AMDAutoUpdate
2019-07-01 22:16 - 2019-01-04 06:27 - 000002280 _____ C:\Windows\System32\Tasks\MSIGH_Host
2019-07-01 22:16 - 2018-12-20 22:24 - 000002854 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-38818341-3388588964-4190228223-1001
2019-07-01 22:16 - 2018-12-20 22:22 - 000003398 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-01 22:16 - 2018-12-20 22:22 - 000003196 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003152 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003122 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-01 22:16 - 2018-12-20 22:22 - 000003048 _____ C:\Windows\System32\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001
2019-07-01 22:16 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002984 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002956 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002914 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002838 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002800 _____ C:\Windows\System32\Tasks\update-sys
2019-07-01 22:16 - 2018-12-20 22:22 - 000002744 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002388 _____ C:\Windows\System32\Tasks\NahimicVRSvc64Run
2019-07-01 22:16 - 2018-12-20 22:22 - 000002380 _____ C:\Windows\System32\Tasks\NahimicVRSvc32Run
2019-07-01 22:16 - 2018-12-20 22:22 - 000002148 _____ C:\Windows\System32\Tasks\MSISW_Host
2019-07-01 22:16 - 2018-12-20 22:22 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-07-01 22:16 - 2018-08-05 15:58 - 000000420 _____ C:\Windows\Tasks\update-sys.job
2019-07-01 22:16 - 2018-08-05 15:58 - 000000420 _____ C:\Windows\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001.job
2019-07-01 22:11 - 2018-06-24 21:23 - 000000000 ____D C:\Users\micha\AppData\Local\AVAST Software
2019-07-01 21:23 - 2018-09-23 13:03 - 000000000 ____D C:\Users\micha\AppData\Local\Spotify
2019-07-01 21:17 - 2018-12-20 22:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-07-01 21:17 - 2018-09-23 13:03 - 000000000 ____D C:\Users\micha\AppData\Roaming\Spotify
2019-07-01 17:35 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-07-01 17:35 - 2018-06-24 21:23 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-30 21:48 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-06-30 19:45 - 2019-02-14 23:18 - 000745808 _____ C:\Windows\system32\perfh005.dat
2019-06-30 19:45 - 2019-02-14 23:18 - 000160320 _____ C:\Windows\system32\perfc005.dat
2019-06-30 19:45 - 2018-12-20 22:26 - 001834764 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-30 19:45 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-06-30 19:41 - 2018-12-20 22:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-30 19:41 - 2018-09-15 19:41 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-06-30 19:41 - 2018-09-15 19:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-06-30 19:41 - 2018-09-15 19:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-06-30 19:41 - 2018-09-15 19:40 - 000000000 ____D C:\Windows\OCR
2019-06-30 19:41 - 2018-09-15 19:39 - 000000000 ____D C:\Windows\SysWOW64\WCN
2019-06-30 19:41 - 2018-09-15 19:39 - 000000000 ____D C:\Windows\system32\WCN
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\SysWOW64\F12
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\F12
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\migwiz
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-06-30 19:40 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-06-30 19:40 - 2018-06-24 21:19 - 000000000 ____D C:\Users\micha\AppData\Local\PlaceholderTileLogoFolder
2019-06-30 18:42 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-30 18:39 - 2018-06-24 21:18 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2019-06-30 17:25 - 2018-06-24 21:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\Telegram Desktop
2019-06-29 14:09 - 2018-08-20 12:27 - 000000000 ____D C:\Users\micha\AppData\Roaming\uTorrent
2019-06-29 14:09 - 2018-06-24 21:55 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2019-06-29 02:46 - 2019-02-18 00:40 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-06-29 02:46 - 2019-01-14 19:47 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-06-29 02:46 - 2018-12-20 22:22 - 000003990 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-29 02:46 - 2018-10-29 22:46 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-06-29 02:46 - 2018-09-15 09:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-06-29 02:46 - 2018-06-24 21:23 - 001030992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000387392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-06-28 23:58 - 2018-08-05 15:58 - 000000000 ____D C:\Users\micha\Documents\Lightshot
2019-06-28 12:10 - 2019-05-08 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-06-27 19:40 - 2019-04-17 22:00 - 000003856 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-06-27 19:40 - 2019-04-17 22:00 - 000003272 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-06-27 19:40 - 2018-08-25 11:34 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-06-27 11:18 - 2018-06-24 21:22 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-26 19:01 - 2018-06-25 09:12 - 000000000 ____D C:\Users\Public\Logi
2019-06-26 13:14 - 2018-06-24 21:28 - 000000000 ____D C:\MSI
2019-06-24 13:47 - 2018-06-25 08:28 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2019-06-23 19:02 - 2018-08-08 22:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2019-06-22 15:23 - 2018-06-24 21:22 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-21 23:46 - 2019-05-18 23:13 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2019-06-20 11:47 - 2018-12-20 22:18 - 000002363 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-20 11:47 - 2018-06-24 21:19 - 000000000 ___RD C:\Users\micha\OneDrive
2019-06-18 09:04 - 2018-06-24 21:28 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-17 11:48 - 2018-08-26 19:48 - 000000000 ____D C:\Users\micha\AppData\Roaming\WhatsApp
2019-06-17 11:48 - 2018-08-26 19:48 - 000000000 ____D C:\Users\micha\AppData\Local\WhatsApp
2019-06-13 21:48 - 2019-05-18 09:07 - 000000000 ___HD C:\Users\micha\Documents\ASP.core.sys
2019-06-12 18:32 - 2018-06-24 21:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 18:32 - 2018-06-24 21:18 - 000000000 ___RD C:\Users\micha\3D Objects
2019-06-12 18:31 - 2018-12-20 22:17 - 000258168 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-12 00:36 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-06-12 00:01 - 2019-05-21 22:55 - 000000000 ____D C:\Users\micha\Documents\angelvoice
2019-06-11 19:21 - 2018-06-24 23:01 - 000000000 ____D C:\Windows\system32\MRT
2019-06-11 19:19 - 2018-06-24 23:01 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-06-10 00:45 - 2018-12-20 22:18 - 000000000 ____D C:\Users\micha
2019-06-02 20:44 - 2018-07-10 19:07 - 000000000 ____D C:\ProgramData\Packages
2019-06-02 18:30 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories ================

2018-08-16 12:57 - 2019-01-06 17:18 - 000001456 _____ () C:\Users\micha\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-06-11 23:35 - 2019-06-11 23:35 - 050616672 _____ (Sony) C:\Users\micha\AppData\Local\pcc.exe
2018-12-21 09:44 - 2018-12-21 09:44 - 000007605 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg
2018-08-05 15:58 - 2018-08-05 15:58 - 000000003 _____ () C:\Users\micha\AppData\Local\updater.log
2018-08-05 15:58 - 2018-08-05 15:58 - 000000425 _____ () C:\Users\micha\AppData\Local\UserProducts.xml

==================== FLock ================

2018-06-24 21:14 C:\Windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Ran by micha (01-07-2019 22:23:21)
Running from C:\Users\micha\Desktop
Windows 10 Pro Version 1809 17763.557 (X64) (2018-12-20 20:22:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-38818341-3388588964-4190228223-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-38818341-3388588964-4190228223-503 - Limited - Disabled)
Guest (S-1-5-21-38818341-3388588964-4190228223-501 - Limited - Disabled)
micha (S-1-5-21-38818341-3388588964-4190228223-1001 - Administrator - Enabled) => C:\Users\micha
WDAGUtilityAccount (S-1-5-21-38818341-3388588964-4190228223-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 1.5.3.0902 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{716F53C3-0B3F-4FB7-9AD7-9BC7DB7134A1}) (Version: 1.4.0.0659 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{6D8108E5-FBDD-4547-9C04-B052336E4046}) (Version: 1.0.19 - Nahimic) Hidden
Atom (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\atom) (Version: 1.34.0 - GitHub Inc.)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{A6A8AE0B-30CC-4641-8BE4-8A70E44A2448}) (Version: 1.0.1901 - Nahimic) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 75.0.1447.81 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Backup and Sync from Google (HKLM\...\{510D7DF1-732A-4E0D-9FE7-0BCBB9481A2F}) (Version: 3.44.5504.6203 - Google, Inc.)
Blender (HKLM\...\{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 - Blender Foundation)
BOINC (HKLM\...\{96E0C65F-95D1-437B-80D7-5A180AED06D8}) (Version: 7.14.2 - Space Sciences Laboratory, U.C. Berkeley)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.73.1084 - AB Team, d.o.o.)
CAM (HKLM-x32\...\{8F17EBED-54B3-472E-B7CF-C53B6AF38FBD}) (Version: 3.7.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.54 - Piriform)
DBeaver 5.3.3 (HKLM\...\DBeaver) (Version: 5.3.3 - JKISS)
Discord (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.17 - NVIDIA Corporation) Hidden
EaseUS Partition Master 13.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EndpointMonitoring Install MSISetup (HKLM\...\{F1F90F23-6FFC-481E-B72A-B2D51C6DA257}) (Version: 1.0.1901 - Nahimic) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Flux) (Version: - f.lux Software LLC)
Global VPN Client (HKLM\...\{7D7ED176-EA00-4B2B-B421-AA19A451F650}) (Version: 4.10.2 - SonicWall)
Google Chrome (HKLM\...\{A5573283-D630-3900-8DCE-E463BDDB5E0E}) (Version: 75.0.3770.100 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Logitech Gaming Software 9.00 (HKLM\...\Logitech Gaming Software) (Version: 9.00.42 - Logitech Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft OneDrive (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26405 (HKLM-x32\...\{5b295ba9-ef89-4aeb-8acc-b61adb0b9b5f}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.33.1 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.87 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.83 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.50 - MSI)
Nahimic VR (HKLM-x32\...\{3d84610f-4cfb-4165-aa15-bb859bd0f0e3}) (Version: 1.0.19 - Nahimic)
NineEarsSettings Install Configurator (HKLM\...\{A909659E-FC98-4D8F-AC40-8C5344C86F7A}) (Version: 1.0.1901 - Nahimic) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.17 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
PhotoFiltre (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\PhotoFiltre) (Version: - )
ProductDaemon Install Setup (HKLM\...\{32D62D40-F8F6-408E-8F8C-6A6593E3ACE9}) (Version: 1.0.1901 - Nahimic) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Spotify (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Spotify) (Version: 1.1.9.383.g9f48828e - Spotify AB)
SSAudioDaemon Install MSISetup (HKLM\...\{F77EA0C2-B0EB-47C7-990D-EACA981D75E8}) (Version: 1.0.19 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.7.10 (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.7.10 - Telegram Messenger LLP)
TransMac version 12.3 (HKLM-x32\...\TransMac_is1) (Version: 12.3 - Acute Systems)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
WhatsApp (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-29] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-38818341-3388588964-4190228223-1001_Classes\CLSID\{E24715A6-33C2-41EF-827E-54C52CBFB9E4} -> [MEGAsync] => C:\Users\micha\Documents\MEGAsync [2018-08-18 17:42]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-25] (Google LLC -> Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-25] (Google LLC -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-04 06:27 - 2017-08-02 15:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\Gaming APP\LEDControl.dll
2019-01-04 06:22 - 2005-07-18 14:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2019-01-04 06:27 - 2016-04-20 15:12 - 000772608 _____ () [File not signed] C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2019-01-04 06:27 - 2015-06-23 17:41 - 000082432 _____ (Fintek) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2017-04-28 11:37 - 2017-04-28 11:37 - 000099840 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWCommon.dll
2017-04-28 11:35 - 2017-04-28 11:35 - 000325632 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
2017-04-28 11:37 - 2017-04-28 11:37 - 000323072 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWIPHlp.dll
2019-01-04 06:27 - 2016-10-03 14:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-01-04 10:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-38818341-3388588964-4190228223-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "GammingApp"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CB72B931-33C0-4A1D-88F0-1F4E7374592C}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{E91B3F4A-A178-4395-ABFB-28EDF530A6E4}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{AAC7AC04-25A2-4EAE-A117-DBDAE351C17C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8A88AAAE-CFDF-4A79-BDF4-F7C6D71A49C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{1A96DC07-5900-41CB-A2AB-AAD364A3DF37}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{BD3E443F-6067-4620-A906-A0D5D309CEEC}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B79DE517-FFBD-4E7C-BC1C-4CE16FF8EC73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{5DFF9317-8609-408D-9683-9CD318BDB910}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{8BCA1821-E9ED-4B68-9DFA-37434ED7A4CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C45BC43D-79CC-41AF-BA8B-ED75601C7E2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D73EE1B-843E-4BF1-B7B1-67C18C722B71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [{BB920077-E310-4FEC-B708-FCA8EA2DBF06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [UDP Query User{39B8FF5A-E7F4-47D1-9076-9DA4F256A309}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7EF0060D-EFBE-4F26-AC4A-08CE3F5B8C97}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{8502B645-ED11-4794-BE19-C0DEE641E48A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{BB7A403B-0E47-4B5E-AAC1-1A78A47F7C1B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{52471536-226B-479E-8399-C315B5C9E0F2}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{673E21B2-4C90-4F11-9CBE-94D5D846E37F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{7609A11D-5F8D-4083-B4CE-E9D1485E0056}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe () [File not signed]
FirewallRules: [{ACD2B5AC-FAA4-4E40-A4CA-EE52CE923021}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe () [File not signed]
FirewallRules: [{B2030520-29D7-4AFB-8F50-CF25011DE8AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7CDBC504-A58D-4984-9D79-AD25DE230488}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{2BCBCE19-2DF0-46C4-8910-ED90D3930CDF}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{7648F28F-0355-4E3C-9149-8F74557AA55F}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C9DE8735-C730-4D2C-9E9E-E9F89E8388F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{670681E0-18C1-4E98-BA12-1CE06556D51E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2066B1A2-04D7-492B-8C35-5BAAC95FBE16}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{A765A1A3-9A3A-4B8B-B292-301B33BC381E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{4DF2D7B1-7659-4B85-8FB3-C8C8446F6572}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{35655605-834F-450A-B196-A2091562EF4E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A0075545-70D6-4981-A3D0-52335E314612}] => (Allow) LPort=38518
FirewallRules: [{D5B3C128-E696-4ADA-936A-0CC76D7BFD96}] => (Allow) LPort=9142
FirewallRules: [TCP Query User{FCAA088D-DE82-427C-9774-673EECB428B2}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe (NZXT -> )
FirewallRules: [UDP Query User{A1D26C14-29C2-4144-854F-2B22DAF317D7}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe (NZXT -> )
FirewallRules: [{9ED571AC-5D8B-471D-8C8D-C16EA90F8818}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F1A5A2D5-B0F6-4068-B7E0-0E779B3FD97B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{06CC4099-7916-47C4-9123-F56D5C0966B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A07A5566-D72C-4E5E-8A89-2B9EDED20ADE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{CD8C3CCE-63BE-4AD9-8029-209888340686}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [UDP Query User{4EFC8FE2-F157-4AEC-9CCB-8E219A049006}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [TCP Query User{C13C79A3-FDFB-407E-97D3-643732752F0D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{0668304E-F515-44C9-8C5E-FF18403ECA9E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{B6743686-FC11-4590-A0A1-C01DC7B5034C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{951C24B6-E7B0-4763-A981-8BEA5168BE4A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{6C77F08E-8594-49F1-A573-079E56D30223}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{C374A54E-C232-4D4E-817E-FA25D05AA381}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{719819A3-DDA1-458F-85DD-535BEC2D0C15}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{25847B54-3887-4DC1-B723-3613F624F3D4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D4DF3D67-2BFA-4C51-8085-838E5DE9AC40}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{592A6E15-E35D-434B-823C-C97E2A345276}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [{C0CCA766-F567-4CF5-944C-6EBE295C7884}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{32C9CD54-9A84-4731-9E9D-48EB154C0524}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [TCP Query User{8358D2DB-A3D2-46EE-9610-6F4F3A82F25E}C:\users\micha\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\micha\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP -> Telegram Messenger LLP)
FirewallRules: [UDP Query User{4D6B89F4-29C2-4CD0-8C2F-6EDC5283E4A7}C:\users\micha\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\micha\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP -> Telegram Messenger LLP)
FirewallRules: [{1B3703AA-D7E5-4794-BA91-B3409BFBF578}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{949226C0-E56D-469E-82C5-971BEF2E3609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{AF87E0D2-0ABD-4A2E-B77D-C7B0C46FC74E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{3C102020-33E7-472F-9F94-F0157F0FC015}] => (Allow) LPort=26789
FirewallRules: [{CFD908BC-B718-4B11-B966-14FFD13B2F48}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2019 10:22:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 75.0.3770.100 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 28c8

Čas spuštění: 01d52fc1f94d654e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: a5bc33ef-c643-4913-b164-383cd28e4fff

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (07/01/2019 09:18:15 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\Windows\system32\sysmain.dll (kód chyby Win32 126).

Error: (06/30/2019 09:46:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.550_none_7e1820994d00fd23\TiWorker.exe -Embedding; Popis = Windows Modules Installer; Chyba = 0x80070422).

Error: (06/30/2019 09:46:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Popis = Windows Update; Chyba = 0x80070422).

Error: (06/30/2019 09:41:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Popis = Scheduled Checkpoint; Chyba = 0x80070422).

Error: (06/30/2019 07:58:21 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\Windows\system32\sysmain.dll (kód chyby Win32 126).

Error: (06/30/2019 06:42:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TiWorker.exe, verze: 10.0.17763.1, časové razítko: 0x1f41714b
Název chybujícího modulu: cbscore.dll, verze: 10.0.17763.550, časové razítko: 0x26675883
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002ffb3
ID chybujícího procesu: 0x2d30
Čas spuštění chybující aplikace: 0x01d52f620cf1e5d8
Cesta k chybující aplikaci: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.550_none_7e1820994d00fd23\TiWorker.exe
Cesta k chybujícímu modulu: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.550_none_7e1820994d00fd23\cbscore.dll
ID zprávy: c0f6601b-d38c-40bf-ab34-2719cae218ed
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/30/2019 06:40:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Popis = Windows Update; Chyba = 0x80070422).


System errors:
=============
Error: (07/01/2019 10:21:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 09:40:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 09:40:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 09:17:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 07:40:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 06:44:39 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 05:40:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 05:32:47 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================

Date: 2019-06-30 19:41:12.865
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-30 19:41:12.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-30 19:41:12.858
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-30 19:41:12.856
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.744
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.742
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.737
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.736
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.H0 05/02/2018
Motherboard: Micro-Star International Co., Ltd B350 TOMAHAWK (MS-7A34)
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 16335.17 MB
Available physical RAM: 12943.91 MB
Total Virtual: 18767.17 MB
Available Virtual: 13184.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:315.62 GB) NTFS
Drive d: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:251.13 GB) NTFS
Drive e: () (Fixed) (Total:698.63 GB) (Free:315.57 GB) NTFS

\\?\Volume{a6fe17bf-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{1ab6e469-f0a9-494f-8ec7-6e1e9fac5df2}\ () (Fixed) (Total:0.5 GB) (Free:0.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 032C9658)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BCEBE8A2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 1AAF1E19)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=0F Extended)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A6FE17BF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: FRST log check

Posted: 02 Jul 2019 17:52
by Conder
Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
    File: C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
    File: C:\Windows\system32\EuGdiDrv.sys
    
    HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\MountPoints2: {40419117-8b9d-11e9-9125-309c230e2015} - "F:\startme.exe" 
    GroupPolicy: Restriction ? <==== ATTENTION
    S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
    S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
    2019-07-01 22:22 - 2019-07-01 22:22 - 000000000 ____D C:\Users\micha\Desktop\FRST-OlderVersion
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a Fixlog.txt file on the desktop; copy its contents here

Re: FRST log check

Posted: 03 Jul 2019 09:01
by michi_trung
Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Ran by micha (03-07-2019 09:56:01) Run:1
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
File: C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
File: C:\Windows\system32\EuGdiDrv.sys

HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\MountPoints2: {40419117-8b9d-11e9-9125-309c230e2015} - "F:\startme.exe"
GroupPolicy: Restriction ? <==== ATTENTION
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
2019-07-01 22:22 - 2019-07-01 22:22 - 000000000 ____D C:\Users\micha\Desktop\FRST-OlderVersion

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 13
Average :
Sum : 4947841
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Policies\Mozilla\Firefox]
[HKLM\SOFTWARE\Policies\Mozilla\Firefox\Certificates]
"ImportEnterpriseRoots"="1"

=== End of ExportKey ===

========================= File: C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe ========================

"C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe" => not found
====== End of File: ======


========================= File: C:\Windows\system32\EuGdiDrv.sys ========================

C:\Windows\system32\EuGdiDrv.sys
File not signed
MD5: 08C997734B2CECE882656BB2855E6E76
Creation and modification date: 2019-03-05 19:09 - 2018-10-24 14:53
Size: 000010848
Attributes: ----A
Company Name: CHENGDU YIWO Tech Development Co., Ltd. ->
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/b3c1def ... 560366190/

====== End of File: ======

HKU\S-1-5-21-38818341-3388588964-4190228223-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40419117-8b9d-11e9-9125-309c230e2015} => removed successfully
HKLM\Software\Classes\CLSID\{40419117-8b9d-11e9-9125-309c230e2015} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\cpuz147 => removed successfully
cpuz147 => service removed successfully
HKLM\System\CurrentControlSet\Services\NVHDA => removed successfully
NVHDA => service removed successfully
C:\Users\micha\Desktop\FRST-OlderVersion => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1781028420 B
Java, Flash, Steam htmlcache => 457363543 B
Windows/system/drivers => 3306297 B
Edge => 2046866 B
Chrome => 471149547 B
Firefox => 220928123 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1041169 B
systemprofile32 => 45486 B
LocalService => 436012 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
micha => 34653647 B

RecycleBin => 32629583 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:57:12 ====

Re: FRST log check

Posted: 03 Jul 2019 23:52
by Conder
How is the PC doing?