Prosím o preventivní kontrolu

[Matthew147]

Dobrý den, notebook jsem koupil před půl rokem a radši bych chtěl mít jistotu, že zůstane vše v pořádku. Předem děkuji.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-08-2019 02
Ran by Matej (administrator) on DESKTOP-QMQ3BRT (Micro-Star International Co., Ltd. GS65 Stealth Thin 8RE) (08-08-2019 09:36:30)
Running from C:\Users\Matej\Downloads
Loaded Profiles: Matej (Available Profiles: Matej)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(A-Volute -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Matej\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_df4f60b1cae9b14a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_df4f60b1cae9b14a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_de4e751ab44b3d66\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_de4e751ab44b3d66\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.24.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(RescueTime, Inc.) [File not signed] C:\Program Files (x86)\RescueTime\RescueTime.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [833312 2019-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Run: [f.lux] => C:\Users\Matej\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46993264 2019-06-27] (Google LLC -> )
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\MountPoints2: {6842bd08-8d96-11e9-90f5-48a47204cb3e} - "D:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\76.0.67.124\Installer\chrmstp.exe [2019-08-08] (Brave Software, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2019-04-17]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2019-04-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2019-05-16]
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02FF9287-37CC-48DF-AE32-754DDD9026C3} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {09D1E981-3A7F-47A2-95F4-B5C2CB93C97D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0C150F6A-4707-407D-B3F2-AE2D1E76E02F} - System32\Tasks\NahimicTask32 => C:\WINDOWS\System32\..\SysWOW64\NahimicSvc32.exe [676792 2018-10-31] (A-Volute -> Nahimic)
Task: {1217D46B-B273-498E-89E5-882F8EBC1593} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450840 2019-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {13E95CEA-635E-49A5-82F0-E22985D06787} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16040355-746F-44AB-A90B-C9E229EAC5AD} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F09D35C-DEE7-4E07-B7C9-A2C68FB41608} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2316A46B-19F7-4500-AB85-59AC7457D52D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206352 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A79465A-DB31-4228-A34E-0130F0804FEC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BF57E67-FAB6-47A9-8DA7-2A24B85CF45C} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Matej\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {2C7E5F4D-D4BC-4B88-8D6C-47F191941663} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {320B8DA6-5540-407A-9515-D64096700099} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [6138664 2019-04-13] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {39CCBE24-B0D0-4C7D-BFA7-28ADC412E9A9} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {400B0B64-E935-42BA-8DB3-B1FCC0A1523B} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]
Task: {430C9DF8-5F70-4383-BB21-760B86040060} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16494464 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4729B776-CD4F-416B-AC7B-A506D15C4BEB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [154072 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {4FD2B26E-CD27-4955-8751-2692BBA00782} - System32\Tasks\NahimicTask64 => C:\WINDOWS\System32\.\NahimicSvc64.exe [882104 2018-10-31] (A-Volute -> Nahimic)
Task: {58750A82-6BB4-4E52-8C12-E1B4900E4FFF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F843E76-EE12-407D-AF51-BB8E13275D69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {61A919C5-CB1A-4621-8A5B-8EF3EBFC446B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206352 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {691069DB-D509-49EB-B99B-8C017AB77BE5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450840 2019-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C058FA4-1AB8-4F48-96CB-43E31A844E2C} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {72998902-70FC-463A-B35C-515378BBEDA5} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {84BAC296-E611-477C-8681-1B63B4E78061} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {8F3AB0A0-12A7-4494-A626-8286D065EDC0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A7B1BAE1-5018-4E92-8BBD-EB097490E358} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302184 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {AABB60DF-B510-408B-84BC-FA388021ED5C} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B42E9F73-CEAB-43B3-A742-1E2AD9FEF12F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [154072 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFD35786-4107-413B-948D-92DC22884329} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8184D86-2C7A-44AD-B535-653D9BFDEEBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {C96CC39D-EFD8-4B2D-BDCA-B20ECC6258EE} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [882104 2018-10-31] (A-Volute -> Nahimic)
Task: {CF302409-D72B-4D2C-8637-EE8E7BEEA925} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2318376 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {D31C1029-5CF0-4EB0-A4C8-ADF2CBCEDEF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DD178956-0469-4994-A2D7-354E68CADD1E} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [676792 2018-10-31] (A-Volute -> Nahimic)
Task: {E4DEBD37-1ED5-4DA7-A537-83CC6499FAFB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E80CD8A8-906F-4760-8637-BE847680E37C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EE8D0C74-5249-44CE-A3DC-D7688CA52B57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {FAB88457-85A6-43BF-A4CB-E2C43729385B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {FC90E583-E856-4718-B4BB-93900F57180A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 217.196.209.2 78.108.152.158
Tcpip\..\Interfaces\{71aa142b-bf0d-4f52-bbb5-f36ddddb56b3}: [DhcpNameServer] 217.196.209.2 78.108.152.158

Internet Explorer:
==================
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17swin10.msn.com/?pc=NSJE
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17swin10.msn.com/?pc=NSJE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2019-04-17] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: so9ru0hr.default
FF ProfilePath: C:\Users\Matej\AppData\Roaming\Mozilla\Firefox\Profiles\so9ru0hr.default [2019-07-01]
FF ProfilePath: C:\Users\Matej\AppData\Roaming\Mozilla\Firefox\Profiles\s9ombob0.default-release [2019-07-01]
FF Extension: (deprocrastination - block sites on Chrome) - C:\Users\Matej\AppData\Roaming\Mozilla\Firefox\Profiles\s9ombob0.default-release\Extensions\{b6425a68-cf3b-4285-b6a9-649f9fc0ec91}.xpi [2019-07-01]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.cz/
CHR StartupUrls: Default -> "hxxps://www.wunderlist.com/webapp#/lists/inbox/ ... _7%7Cmonth"
CHR DefaultSearchURL: Default -> hxxps://d3ki9tyy5l5ruj.cloudfront.net/obj/8897db9ac54fb68c74f76b4d3e2e753b524fca42/Favicon@3x.png
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default [2019-08-08]
CHR Extension: (Slides) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-03]
CHR Extension: (Docs) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-03]
CHR Extension: (Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-03]
CHR Extension: (YouTube) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-03]
CHR Extension: (LINER - Web/PDF Highlighter) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhcbmnbenmcecpmpepghooflbehcack [2019-08-01]
CHR Extension: (Pushbullet) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2019-06-04]
CHR Extension: (uBlock Origin) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-23]
CHR Extension: (Adblock for Youtube™) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2019-04-05]
CHR Extension: (Mendeley Importer) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2019-04-05]
CHR Extension: (KeyRocket for Gmail™) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp [2019-04-05]
CHR Extension: (Reader View) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecabifbgmdmgdllomnfinbmaellmclnh [2019-05-28]
CHR Extension: (Sheets) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-03]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2019-04-05]
CHR Extension: () - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamblpaiplkihjneblbnoniddfockndi [2019-08-08]
CHR Extension: (Google Docs Offline) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-03]
CHR Extension: (Asana) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijpcmgkkjdlelnbnjmklkjpgcmamndb [2019-05-17]
CHR Extension: (Save to Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2019-04-05]
CHR Extension: (Grammarly for Chrome) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-01]
CHR Extension: (Notion Web Clipper) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\knheggckgoiihginacbkhaalnibhilkk [2019-07-04]
CHR Extension: (StayFocusd) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2019-04-05]
CHR Extension: (Momentum) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2019-08-04]
CHR Extension: (Instapaper) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2019-05-16]
CHR Extension: (DF Tube (Distraction Free for YouTube™)) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepdfccjgcndkmemponafgioodelna [2019-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-03]
CHR Extension: (Simple EPUB Reader) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2019-04-05]
CHR Extension: (TunnelBear VPN) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2019-04-05]
CHR Extension: (Gmail) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-20]
CHR Extension: (deprocrastination - block sites on Chrome) - C:\Users\Matej\Desktop\Software\depro [2019-08-07]
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-08-08]
CHR Extension: (Slides) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-30]
CHR Extension: (Docs) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-30]
CHR Extension: (Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-30]
CHR Extension: (YouTube) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-30]
CHR Extension: (uBlock Origin) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-27]
CHR Extension: (Sheets) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-30]
CHR Extension: (deprocrastination - block sites on Chrome) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gamblpaiplkihjneblbnoniddfockndi [2019-08-05]
CHR Extension: (Google Docs Offline) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-30]
CHR Extension: (Grammarly for Chrome) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-30]
CHR Extension: (Gmail) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-27]
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-08-06]
CHR Extension: (Slides) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-17]
CHR Extension: (Docs) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-17]
CHR Extension: (Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-17]
CHR Extension: (YouTube) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-17]
CHR Extension: (Sheets) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-17]
CHR Extension: (Google Docs Offline) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-17]
CHR Extension: (Gmail) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-17]
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-17]
CHR HKU\S-1-5-21-105526560-3629586505-1581754559-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-11] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2484992 2018-09-05] (Rivet Networks LLC -> Rivet Networks)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-10] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe [47568 2018-10-30] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NahimicService; C:\WINDOWS\System32\NahimicService.exe [1216968 2018-10-31] (A-Volute -> Nahimic)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [833312 2019-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Sendevsvc; C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe [302888 2019-01-30] (Micro-Star International CO., LTD. -> )
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [399440 2018-08-30] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2302184 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72952 2018-09-05] (Rivet Networks LLC -> CloudBees, Inc.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72952 2018-09-05] (Rivet Networks LLC -> CloudBees, Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [942128 2018-02-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [72248 2018-02-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-11] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [154752 2018-09-05] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8646632 2018-01-25] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [8964216 2018-09-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 nhi; C:\WINDOWS\System32\drivers\tbt100x.sys [137768 2018-03-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_28561576d9165991\nvlddmkm.sys [21657024 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [47368 2018-03-30] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [56912 2018-08-30] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssbthid; C:\WINDOWS\System32\drivers\ssbthid.sys [43824 2017-12-15] (SteelSeries ApS -> )
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46776 2019-02-01] (SteelSeries ApS -> )
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48032 2019-02-01] (SteelSeries ApS -> SteelSeries ApS)
R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [41312 2019-02-01] (SteelSeries ApS -> )
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [54104 2017-12-15] (STMicroelectronics -> STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-12] (Micro-Star Int'l Co. Ltd. -> )
S3 WinRing0_1_2_0; \??\C:\Users\Matej\Desktop\Software\ThrottleStop\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-08 09:36 - 2019-08-08 09:37 - 000038889 _____ C:\Users\Matej\Downloads\FRST.txt
2019-08-08 09:31 - 2019-08-08 09:36 - 000000000 ____D C:\FRST
2019-08-08 09:31 - 2019-08-08 09:31 - 002096640 _____ (Farbar) C:\Users\Matej\Downloads\FRST64.exe
2019-08-06 18:08 - 2019-08-06 18:08 - 000000000 ____D C:\Users\Matej\Documents\Paradox Interactive
2019-08-06 17:46 - 2019-08-07 20:03 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Plays
2019-08-06 17:46 - 2019-08-07 20:03 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plays.tv, Inc
2019-08-06 17:46 - 2019-08-07 20:03 - 000000000 ____D C:\Users\Matej\AppData\Local\Plays-ltc
2019-08-06 17:46 - 2019-08-07 20:03 - 000000000 ____D C:\Users\Matej\AppData\Local\Plays
2019-08-06 11:36 - 2019-08-06 11:36 - 003459323 _____ C:\Users\Matej\Downloads\Gabriel Weinberg, Justin Mares - Traction_ a startup guide to getting customers-S-curves Publishing (2014).epub
2019-07-29 09:54 - 2019-07-29 11:04 - 000000000 ____D C:\Users\Matej\AppData\Roaming\ScreenToGif
2019-07-24 14:34 - 2019-07-24 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Ebook Reader
2019-07-24 14:34 - 2019-07-24 14:34 - 000000000 ____D C:\Program Files (x86)\Icecream Ebook Reader
2019-07-24 14:32 - 2019-07-24 14:39 - 000000000 ____D C:\Users\Matej\AppData\LocalLow\BitTorrent
2019-07-24 14:30 - 2019-07-24 14:40 - 000000000 ____D C:\Users\Matej\AppData\Roaming\BitTorrent
2019-07-24 14:30 - 2019-07-24 14:30 - 000000903 _____ C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2019-07-22 15:47 - 2019-07-22 15:47 - 000000761 _____ C:\Users\Matej\Desktop\Downloads.lnk
2019-07-18 15:18 - 2019-07-18 15:18 - 000000000 ____D C:\Users\Matej\AppData\Local\Icecream
2019-07-18 15:18 - 2019-07-18 15:18 - 000000000 ____D C:\Users\Matej\AppData\Local\CrashRpt
2019-07-18 15:18 - 2019-07-18 15:18 - 000000000 ____D C:\Users\Matej\.ebookreader
2019-07-16 18:28 - 2019-08-08 08:33 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-07-16 15:16 - 2019-07-16 15:16 - 000000000 ____D C:\Users\Matej\AppData\Roaming\The Creative Assembly
2019-07-16 12:57 - 2019-07-16 12:57 - 000000000 ____D C:\Users\Matej\AppData\Local\ElevatedDiagnostics
2019-07-16 12:54 - 2019-07-16 12:54 - 000000335 _____ C:\Users\Matej\Desktop\computer.lnk
2019-07-13 19:44 - 2019-07-04 11:43 - 000094008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2019-07-13 19:44 - 2019-07-04 11:40 - 021390504 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2019-07-13 19:44 - 2019-07-04 11:40 - 001631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-07-13 19:44 - 2019-07-04 11:40 - 001616840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2019-07-13 19:44 - 2019-07-04 11:40 - 000790416 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2019-07-13 19:44 - 2019-07-04 11:22 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2019-07-13 19:44 - 2019-07-04 11:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2019-07-13 19:44 - 2019-07-04 11:21 - 008627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2019-07-13 19:44 - 2019-07-04 11:20 - 001609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2019-07-13 19:44 - 2019-07-04 11:19 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2019-07-13 19:44 - 2019-07-04 11:18 - 003614208 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-07-13 19:44 - 2019-07-04 11:18 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-07-13 19:44 - 2019-07-04 10:56 - 001453416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-07-13 19:44 - 2019-07-04 10:54 - 000662352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2019-07-13 19:44 - 2019-07-04 10:51 - 020384128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2019-07-13 19:44 - 2019-07-04 10:41 - 007990784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2019-07-13 19:44 - 2019-07-04 10:37 - 002882048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-07-13 19:44 - 2019-07-04 10:36 - 001471488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-07-13 19:44 - 2019-07-04 07:00 - 001035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-07-13 19:44 - 2019-07-04 06:58 - 001328440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2019-07-13 19:44 - 2019-07-04 06:58 - 001219896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-07-13 19:44 - 2019-07-04 06:58 - 000416312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2019-07-13 19:44 - 2019-07-04 06:58 - 000192824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2019-07-13 19:44 - 2019-07-04 06:57 - 003292152 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2019-07-13 19:44 - 2019-07-04 06:57 - 001027384 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-07-13 19:44 - 2019-07-04 06:57 - 000986128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2019-07-13 19:44 - 2019-07-04 06:57 - 000776784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2019-07-13 19:44 - 2019-07-04 06:57 - 000723728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2019-07-13 19:44 - 2019-07-04 06:57 - 000708696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2019-07-13 19:44 - 2019-07-04 06:57 - 000568104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-07-13 19:44 - 2019-07-04 06:57 - 000362264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2019-07-13 19:44 - 2019-07-04 06:57 - 000209424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2019-07-13 19:44 - 2019-07-04 06:57 - 000194360 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2019-07-13 19:44 - 2019-07-04 06:57 - 000137656 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2019-07-13 19:44 - 2019-07-04 06:57 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-07-13 19:44 - 2019-07-04 06:57 - 000091776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2019-07-13 19:44 - 2019-07-04 06:56 - 009084216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-07-13 19:44 - 2019-07-04 06:56 - 007519896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-07-13 19:44 - 2019-07-04 06:56 - 007436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-07-13 19:44 - 2019-07-04 06:56 - 002810680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2019-07-13 19:44 - 2019-07-04 06:56 - 002571640 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-07-13 19:44 - 2019-07-04 06:56 - 001566520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2019-07-13 19:44 - 2019-07-04 06:56 - 001459120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-07-13 19:44 - 2019-07-04 06:56 - 001260776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-07-13 19:44 - 2019-07-04 06:56 - 001141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-07-13 19:44 - 2019-07-04 06:56 - 000983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-07-13 19:44 - 2019-07-04 06:56 - 000767536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2019-07-13 19:44 - 2019-07-04 06:56 - 000734952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2019-07-13 19:44 - 2019-07-04 06:56 - 000713272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-07-13 19:44 - 2019-07-04 06:56 - 000604984 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2019-07-13 19:44 - 2019-07-04 06:56 - 000493752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2019-07-13 19:44 - 2019-07-04 06:56 - 000115512 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2019-07-13 19:44 - 2019-07-04 06:43 - 000832016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2019-07-13 19:44 - 2019-07-04 06:43 - 000665440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2019-07-13 19:44 - 2019-07-04 06:43 - 000328696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2019-07-13 19:44 - 2019-07-04 06:43 - 000287376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2019-07-13 19:44 - 2019-07-04 06:43 - 000191800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2019-07-13 19:44 - 2019-07-04 06:42 - 006570368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-07-13 19:44 - 2019-07-04 06:42 - 006044008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-07-13 19:44 - 2019-07-04 06:42 - 002479176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2019-07-13 19:44 - 2019-07-04 06:42 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-07-13 19:44 - 2019-07-04 06:42 - 001427768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2019-07-13 19:44 - 2019-07-04 06:42 - 000573808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2019-07-13 19:44 - 2019-07-04 06:42 - 000356312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2019-07-13 19:44 - 2019-07-04 06:42 - 000097272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2019-07-13 19:44 - 2019-07-04 06:41 - 000559328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2019-07-13 19:44 - 2019-07-04 06:37 - 025857536 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-07-13 19:44 - 2019-07-04 06:33 - 022017536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-07-13 19:44 - 2019-07-04 06:29 - 022717440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-07-13 19:44 - 2019-07-04 06:26 - 004385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-07-13 19:44 - 2019-07-04 06:26 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2019-07-13 19:44 - 2019-07-04 06:26 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2019-07-13 19:44 - 2019-07-04 06:25 - 019372544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-07-13 19:44 - 2019-07-04 06:25 - 007589888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-07-13 19:44 - 2019-07-04 06:25 - 004861440 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-07-13 19:44 - 2019-07-04 06:25 - 003401216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-07-13 19:44 - 2019-07-04 06:25 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2019-07-13 19:44 - 2019-07-04 06:25 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2019-07-13 19:44 - 2019-07-04 06:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2019-07-13 19:44 - 2019-07-04 06:24 - 000567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2019-07-13 19:44 - 2019-07-04 06:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2019-07-13 19:44 - 2019-07-04 06:24 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2019-07-13 19:44 - 2019-07-04 06:23 - 001765888 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2019-07-13 19:44 - 2019-07-04 06:23 - 001217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2019-07-13 19:44 - 2019-07-04 06:23 - 000786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 003707904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 002587648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 002176000 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 001561088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 001549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 001175552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 000300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2019-07-13 19:44 - 2019-07-04 06:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2019-07-13 19:44 - 2019-07-04 06:21 - 005784064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-07-13 19:44 - 2019-07-04 06:21 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-07-13 19:44 - 2019-07-04 06:21 - 003202560 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2019-07-13 19:44 - 2019-07-04 06:21 - 002166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2019-07-13 19:44 - 2019-07-04 06:21 - 001920000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2019-07-13 19:44 - 2019-07-04 06:21 - 001220608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2019-07-13 19:44 - 2019-07-04 06:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2019-07-13 19:44 - 2019-07-04 06:21 - 000124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2019-07-13 19:44 - 2019-07-04 06:21 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2019-07-13 19:44 - 2019-07-04 06:20 - 001156608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2019-07-13 19:44 - 2019-07-04 06:20 - 000544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2019-07-13 19:44 - 2019-07-04 06:20 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2019-07-13 19:44 - 2019-07-04 06:20 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2019-07-13 19:44 - 2019-07-04 06:19 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-07-13 19:44 - 2019-07-04 06:19 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2019-07-13 19:44 - 2019-07-04 06:18 - 002602496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2019-07-13 19:44 - 2019-07-04 06:18 - 001076224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2019-07-13 19:44 - 2019-07-04 06:18 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2019-07-13 19:44 - 2019-07-04 06:18 - 000953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2019-07-13 19:44 - 2019-07-04 06:18 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2019-07-13 19:44 - 2019-07-04 06:17 - 000531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2019-07-13 19:44 - 2019-07-04 05:01 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2019-07-13 19:44 - 2019-06-21 10:50 - 000280584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2019-07-13 19:44 - 2019-06-13 14:15 - 000324408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-07-13 19:44 - 2019-06-13 14:12 - 002871848 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2019-07-13 19:44 - 2019-06-13 14:05 - 000810296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2019-07-13 19:44 - 2019-06-13 14:04 - 001721144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2019-07-13 19:44 - 2019-06-13 14:00 - 000464696 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2019-07-13 19:44 - 2019-06-13 13:59 - 000740664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2019-07-13 19:44 - 2019-06-13 13:58 - 000637752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2019-07-13 19:44 - 2019-06-13 13:58 - 000071480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2019-07-13 19:44 - 2019-06-13 13:56 - 000164152 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2019-07-13 19:44 - 2019-06-13 13:43 - 001048480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2019-07-13 19:44 - 2019-06-13 13:42 - 004038688 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2019-07-13 19:44 - 2019-06-13 13:42 - 000566536 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2019-07-13 19:44 - 2019-06-13 13:40 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2019-07-13 19:44 - 2019-06-13 13:38 - 000766264 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2019-07-13 19:44 - 2019-06-13 13:37 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\system32\changepk.exe
2019-07-13 19:44 - 2019-06-13 13:36 - 000251000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2019-07-13 19:44 - 2019-06-13 13:36 - 000236520 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2019-07-13 19:44 - 2019-06-13 13:35 - 001376688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2019-07-13 19:44 - 2019-06-13 13:34 - 000146888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingUI.exe
2019-07-13 19:44 - 2019-06-13 13:18 - 006586880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2019-07-13 19:44 - 2019-06-13 13:18 - 004847104 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2019-07-13 19:44 - 2019-06-13 13:17 - 012756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-07-13 19:44 - 2019-06-13 13:17 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2019-07-13 19:44 - 2019-06-13 13:17 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2019-07-13 19:44 - 2019-06-13 13:17 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2019-07-13 19:44 - 2019-06-13 13:17 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2019-07-13 19:44 - 2019-06-13 13:16 - 000767488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcommdlg.dll
2019-07-13 19:44 - 2019-06-13 13:15 - 004718080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-07-13 19:44 - 2019-06-13 13:15 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpgradeResultsUI.exe
2019-07-13 19:44 - 2019-06-13 13:14 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2019-07-13 19:44 - 2019-06-13 13:14 - 000900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\slui.exe
2019-07-13 19:44 - 2019-06-13 13:14 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2019-07-13 19:44 - 2019-06-13 13:14 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DesktopSwitcherDataModel.dll
2019-07-13 19:44 - 2019-06-13 13:13 - 002920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-07-13 19:44 - 2019-06-13 13:13 - 001339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\TaskFlowDataEngine.dll
2019-07-13 19:44 - 2019-06-13 13:13 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2019-07-13 19:44 - 2019-06-13 13:13 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2019-07-13 19:44 - 2019-06-13 13:13 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2019-07-13 19:44 - 2019-06-13 13:12 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2019-07-13 19:44 - 2019-06-13 13:10 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsbas.dll
2019-07-13 19:44 - 2019-06-13 12:07 - 001027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2019-07-13 19:44 - 2019-06-13 12:07 - 000660496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2019-07-13 19:44 - 2019-06-13 12:07 - 000221232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2019-07-13 19:44 - 2019-06-13 12:05 - 003700160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2019-07-13 19:44 - 2019-06-13 11:55 - 005657088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2019-07-13 19:44 - 2019-06-13 11:54 - 011942912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-07-13 19:44 - 2019-06-13 11:54 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2019-07-13 19:44 - 2019-06-13 11:53 - 000089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2019-07-13 19:44 - 2019-06-13 11:51 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2019-07-13 19:44 - 2019-06-13 11:50 - 000896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2019-07-13 19:44 - 2019-06-13 11:49 - 002406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2019-07-13 19:44 - 2019-06-13 11:49 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2019-07-13 19:44 - 2019-06-13 09:48 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2019-07-13 19:44 - 2019-06-13 09:46 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2019-07-13 19:44 - 2019-06-13 09:01 - 000513336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2019-07-13 19:44 - 2019-06-13 09:01 - 000511288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2019-07-13 19:44 - 2019-06-13 09:01 - 000036152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2019-07-13 19:44 - 2019-06-13 08:59 - 000785264 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2019-07-13 19:44 - 2019-06-13 08:47 - 005625160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2019-07-13 19:44 - 2019-06-13 08:47 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-07-13 19:44 - 2019-06-13 08:46 - 001076536 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2019-07-13 19:44 - 2019-06-13 08:46 - 000510296 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2019-07-13 19:44 - 2019-06-13 08:46 - 000093984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-07-13 19:44 - 2019-06-13 08:45 - 002421560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-07-13 19:44 - 2019-06-13 08:44 - 002769688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-07-13 19:44 - 2019-06-13 08:44 - 002546704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2019-07-13 19:44 - 2019-06-13 08:44 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-07-13 19:44 - 2019-06-13 08:44 - 001033696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2019-07-13 19:44 - 2019-06-13 08:44 - 000607112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2019-07-13 19:44 - 2019-06-13 08:44 - 000545808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-07-13 19:44 - 2019-06-13 08:44 - 000130624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-07-13 19:44 - 2019-06-13 08:17 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2019-07-13 19:44 - 2019-06-13 08:16 - 001626112 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2019-07-13 19:44 - 2019-06-13 08:16 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2019-07-13 19:44 - 2019-06-13 08:15 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2019-07-13 19:44 - 2019-06-13 08:15 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2019-07-13 19:44 - 2019-06-13 08:15 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2019-07-13 19:44 - 2019-06-13 08:15 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2019-07-13 19:44 - 2019-06-13 08:15 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\KdsCli.dll
2019-07-13 19:44 - 2019-06-13 08:14 - 003318784 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2019-07-13 19:44 - 2019-06-13 08:14 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2019-07-13 19:44 - 2019-06-13 08:14 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2019-07-13 19:44 - 2019-06-13 08:14 - 000302080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CXHProvisioningServer.dll
2019-07-13 19:44 - 2019-06-13 08:13 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2019-07-13 19:44 - 2019-06-13 08:13 - 002370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-07-13 19:44 - 2019-06-13 08:13 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2019-07-13 19:44 - 2019-06-13 08:13 - 000322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2019-07-13 19:44 - 2019-06-13 08:13 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2019-07-13 19:44 - 2019-06-13 08:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-07-13 19:44 - 2019-06-13 08:12 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-07-13 19:44 - 2019-06-13 08:12 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-07-13 19:44 - 2019-06-13 08:12 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-07-13 19:44 - 2019-06-13 08:12 - 000532992 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2019-07-13 19:44 - 2019-06-13 08:12 - 000501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2019-07-13 19:44 - 2019-06-13 08:11 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2019-07-13 19:44 - 2019-06-13 08:11 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2019-07-13 19:44 - 2019-06-13 08:11 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2019-07-13 19:44 - 2019-06-13 08:10 - 002912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2019-07-13 19:44 - 2019-06-13 08:10 - 001400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-07-13 19:44 - 2019-06-13 08:10 - 001215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2019-07-13 19:44 - 2019-06-13 08:10 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2019-07-13 19:44 - 2019-06-13 08:10 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-13 19:44 - 2019-06-13 08:10 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2019-07-13 19:44 - 2019-06-13 08:10 - 000523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2019-07-13 19:44 - 2019-06-13 08:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2019-07-13 19:44 - 2019-06-13 08:09 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-07-13 19:44 - 2019-06-13 08:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2019-07-13 19:44 - 2019-06-13 08:08 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-07-13 19:44 - 2019-06-13 07:14 - 000415544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2019-07-13 19:44 - 2019-06-13 07:08 - 000443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2019-07-13 19:44 - 2019-06-13 07:07 - 000101192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-07-13 19:44 - 2019-06-13 07:07 - 000080744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-07-13 19:44 - 2019-06-13 07:06 - 002256768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-07-13 19:44 - 2019-06-13 07:06 - 001130776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-07-13 19:44 - 2019-06-13 07:06 - 000581600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-07-13 19:44 - 2019-06-13 06:49 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\enrollmentapi.dll
2019-07-13 19:44 - 2019-06-13 06:47 - 003554304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2019-07-13 19:44 - 2019-06-13 06:47 - 002899456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2019-07-13 19:44 - 2019-06-13 06:47 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2019-07-13 19:44 - 2019-06-13 06:46 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-07-13 19:44 - 2019-06-13 06:46 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-07-13 19:44 - 2019-06-13 06:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2019-07-13 19:44 - 2019-06-13 06:45 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2019-07-13 19:44 - 2019-06-13 06:45 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-07-13 19:44 - 2019-06-13 06:44 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-07-13 19:44 - 2019-06-13 06:44 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2019-07-13 19:44 - 2019-06-13 06:44 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2019-07-13 19:44 - 2019-06-13 06:44 - 000582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2019-07-13 19:44 - 2019-06-13 06:44 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-07-13 19:44 - 2019-06-13 06:43 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-07-13 19:44 - 2019-06-13 06:43 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2019-07-13 19:44 - 2019-06-13 06:43 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-08 09:32 - 2019-05-16 23:09 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Notion
2019-08-08 09:32 - 2019-04-17 17:30 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Slack
2019-08-08 08:58 - 2019-05-07 02:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-08 08:53 - 2019-04-23 19:24 - 000000000 ____D C:\ProgramData\Common
2019-08-08 08:46 - 2019-06-02 04:02 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-08-08 08:39 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-08 08:37 - 2019-05-07 02:21 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-08 08:37 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-08 08:34 - 2019-05-07 02:18 - 000003112 _____ C:\WINDOWS\System32\Tasks\NahimicTask32
2019-08-08 08:34 - 2019-05-07 02:18 - 000003092 _____ C:\WINDOWS\System32\Tasks\NahimicTask64
2019-08-08 08:34 - 2019-04-29 17:35 - 000000000 ___RD C:\Google Drive
2019-08-08 08:34 - 2019-04-03 01:45 - 000000000 __SHD C:\Users\Matej\IntelGraphicsProfiles
2019-08-08 08:33 - 2019-05-07 02:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-08 08:33 - 2018-03-31 01:13 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-07 20:04 - 2018-04-11 23:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-08-07 20:03 - 2019-07-03 09:35 - 000000000 ____D C:\Games
2019-08-06 17:46 - 2019-06-16 22:42 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-06 17:46 - 2019-06-16 22:21 - 000000000 ____D C:\Users\Matej\AppData\Local\D3DSCache
2019-08-06 17:46 - 2019-04-17 17:30 - 000000000 ____D C:\Users\Matej\AppData\Local\SquirrelTemp
2019-08-06 13:03 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-06 11:43 - 2019-05-16 22:05 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Spotify
2019-08-06 11:40 - 2019-04-30 18:51 - 000000000 ____D C:\Users\Matej\.atom
2019-08-06 10:11 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-06 09:15 - 2019-05-16 22:08 - 000000000 ____D C:\Users\Matej\AppData\Local\Spotify
2019-08-05 08:50 - 2019-07-04 18:13 - 000002258 _____ C:\Users\Matej\Desktop\Notion.lnk
2019-08-05 08:05 - 2019-04-28 20:27 - 000000000 ____D C:\Users\Matej\AppData\Local\SAP
2019-08-04 17:39 - 2018-03-31 01:17 - 000000000 ____D C:\ProgramData\A-Volute
2019-08-02 20:22 - 2019-04-04 08:42 - 000000000 ____D C:\Program Files\rempl
2019-07-31 11:10 - 2019-04-08 07:23 - 000000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2019-07-29 10:41 - 2019-04-17 17:16 - 000000000 ____D C:\Users\Matej\Desktop\Software
2019-07-29 09:18 - 2019-04-17 18:07 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2019-07-29 09:18 - 2019-04-17 18:07 - 000000000 ____D C:\Users\Matej\AppData\Local\slack
2019-07-29 09:10 - 2019-04-23 19:52 - 000000000 ____D C:\Program Files\Microsoft Office
2019-07-29 09:10 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-26 12:59 - 2019-04-05 22:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-23 18:41 - 2019-04-03 01:45 - 000000000 ____D C:\Users\Matej\AppData\Local\PlaceholderTileLogoFolder
2019-07-23 18:41 - 2019-04-03 01:45 - 000000000 ____D C:\Users\Matej\AppData\Local\Packages
2019-07-22 17:54 - 2019-06-27 10:47 - 000000000 ____D C:\Users\Matej\AppData\Local\Pushbullet
2019-07-18 15:18 - 2019-05-07 02:16 - 000000000 ____D C:\Users\Matej
2019-07-18 00:35 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-07-16 12:53 - 2019-07-03 09:42 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2019-07-16 12:53 - 2019-07-03 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2019-07-16 11:37 - 2019-04-03 01:48 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-07-16 11:37 - 2019-04-03 01:48 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-07-15 00:26 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-14 16:47 - 2019-05-07 02:18 - 000000000 ___RD C:\Users\Matej\3D Objects
2019-07-14 16:47 - 2017-10-19 14:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-14 00:05 - 2019-05-07 02:15 - 000408440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-14 00:05 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2019-07-13 22:29 - 2019-07-01 20:56 - 000000000 ____D C:\Users\Matej\AppData\Roaming\StardewValley
2019-07-13 19:43 - 2019-04-04 08:41 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-07-13 19:42 - 2019-04-04 08:41 - 136618864 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-07-13 19:36 - 2019-04-29 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-07-13 19:34 - 2019-04-03 06:44 - 000741432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-08-2019 02
Ran by Matej (08-08-2019 09:37:20)
Running from C:\Users\Matej\Downloads
Windows 10 Home Version 1803 17134.885 (X64) (2019-05-07 00:18:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-105526560-3629586505-1581754559-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-105526560-3629586505-1581754559-503 - Limited - Disabled)
Guest (S-1-5-21-105526560-3629586505-1581754559-501 - Limited - Disabled)
Matej (S-1-5-21-105526560-3629586505-1581754559-1001 - Administrator - Enabled) => C:\Users\Matej
WDAGUtilityAccount (S-1-5-21-105526560-3629586505-1581754559-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Atom (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\atom) (Version: 1.38.2 - GitHub Inc.)
Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.)
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.)
BitTorrent (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\BitTorrent) (Version: 7.10.5.45272 - BitTorrent Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 76.0.67.124 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.5 - Ursa Minor Ltd)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0939 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.5.1904.1201 - Micro-Star International Co., Ltd.) Hidden
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.5.1904.1201 - Micro-Star International Co., Ltd.)
Evernote v. 6.17.7 (HKLM-x32\...\{B47B6F80-6143-11E9-9F8E-005056951CAD}) (Version: 6.17.7.8474 - Evernote Corp.)
f.lux (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Flux) (Version: - f.lux Software LLC)
FileZilla Client 3.41.2 (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\FileZilla Client) (Version: 3.41.2 - Tim Kosse)
Git version 2.22.0.windows.1 (HKLM\...\Git_is1) (Version: 2.22.0.windows.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Icecream Ebook Reader version 5.12 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 5.12 - Icecream Apps)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4974 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000030-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.30.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\3498B7189B13CBC3673674CD226F4540F628CCB8) (Version: 1.1.5.0 - ENE TECHNOLOGY INC.)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 cs) (HKLM\...\Mozilla Firefox 67.0.4 (x64 cs)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
Node.js (HKLM\...\{E3C2DC65-9DCA-4422-BDDE-0489B89A16D2}) (Version: 10.16.0 - Node.js Foundation)
Notion 1.0.8 (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 1.0.8 - Notion Labs, Incorporated)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)
RescueTime 2.14.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
Slack (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\slack) (Version: 4.0.1 - Slack Technologies)
Spotify (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.14.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.14.0 - SteelSeries ApS)
Thunderbolt™ Software (HKLM-x32\...\{B43DE90F-2638-4FCC-982E-383200E80797}) (Version: 17.3.74.400 - Intel Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Packages:
=========
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_1.6.2163.0_x64__rh07ty8m5nkag [2019-05-07] (Rivet Networks LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.3.2.0_x64__w2gh52qy24etm [2019-08-02] (A-Volute)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.168.0_x64__dt26b99r8h8gj [2019-04-07] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_df4f60b1cae9b14a\igfxDTCM.dll [2018-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Matej\Desktop\Software\Asana.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gijpcmgkkjdlelnbnjmklkjpgcmamndb
ShortcutWithArgument: C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc
ShortcutWithArgument: C:\Users\Matej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Social Media - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Matej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Work - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Matej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Fun - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2019-08-08 08:34 - 2019-08-08 08:34 - 000113664 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\_ctypes.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000173568 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\_elementtree.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 001800192 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\_hashlib.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000032256 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\_multiprocessing.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000046080 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\_psutil_windows.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000047616 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\_socket.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 002230784 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\_ssl.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000026112 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\_yappi.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000080896 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\bz2.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 006277632 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\cello.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000014848 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\common.time34.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000007680 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\hashobjs_ext.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000301568 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\PIL._imaging.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000169472 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\pyexpat.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 001084416 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\pysqlite2._sqlite.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000548864 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\pythoncom27.dll
2019-08-08 08:34 - 2019-08-08 08:34 - 000137728 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\pywintypes27.dll
2019-08-08 08:34 - 2019-08-08 08:34 - 000010752 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\select.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000020992 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\thumbnails_ext.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000689664 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\unicodedata.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000118784 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\usb_ext.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000128512 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32api.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000438784 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32com.shell.shell.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000011776 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32crypt.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000023040 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32event.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000149504 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32file.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000223232 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32gui.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000048128 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32inet.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000029696 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32pdh.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000027648 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32pipe.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000044032 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32process.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000020480 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32profile.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000136192 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32security.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000026624 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\win32ts.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000034304 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\windows.conditional.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000038400 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\windows.connectivity.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000073216 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\windows.device_monitor.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000110592 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\windows.volumes.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000020480 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\windows.winwrap.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 001325056 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wx._controls_.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 001489408 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wx._core_.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 001007104 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wx._gdi_.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000103424 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wx._html2.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 000916992 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wx._misc_.pyd
2019-08-08 08:34 - 2019-08-08 08:34 - 001039872 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wx._windows_.pyd
2018-04-25 22:30 - 2018-04-25 22:30 - 000240128 _____ (A-Volute) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\NahimicAPI.dll
2018-11-23 17:01 - 2018-11-23 17:01 - 000438784 _____ (A-Volute) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\YooMixCOM.dll
2016-08-11 06:34 - 2016-08-11 06:34 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\WinIo64.dll
2015-06-12 05:35 - 2015-06-12 05:35 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\WinIo64.dll
2009-07-10 00:54 - 2009-07-10 00:54 - 000160768 _____ (Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
2019-08-08 08:34 - 2019-08-08 08:34 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\python27.dll
2019-05-16 21:59 - 2018-12-07 21:51 - 003109888 _____ (RescueTime, Inc.) [File not signed] C:\Program Files (x86)\RescueTime\RescueTime.exe
2019-08-08 08:34 - 2019-08-08 08:34 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wxbase30u_net_vc90_x64.dll
2019-08-08 08:34 - 2019-08-08 08:34 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wxbase30u_vc90_x64.dll
2019-08-08 08:34 - 2019-08-08 08:34 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wxmsw30u_adv_vc90_x64.dll
2019-08-08 08:34 - 2019-08-08 08:34 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wxmsw30u_core_vc90_x64.dll
2019-08-08 08:34 - 2019-08-08 08:34 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wxmsw30u_html_vc90_x64.dll
2019-08-08 08:34 - 2019-08-08 08:34 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI95122\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\sharepoint.com -> hxxps://vse-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2017-09-29 15:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 217.196.209.2 - 78.108.152.158
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{98E34F87-711F-48B0-8D52-522AC59561E6}C:\program files\sap predictive analytics\desktop\expert\desktop\sappredictiveanalysis.exe] => (Allow) C:\program files\sap predictive analytics\desktop\expert\desktop\sappredictiveanalysis.exe No File
FirewallRules: [TCP Query User{56D57F84-A3D0-404B-A9B7-BA53DCA8721B}C:\program files\sap predictive analytics\desktop\expert\desktop\sappredictiveanalysis.exe] => (Allow) C:\program files\sap predictive analytics\desktop\expert\desktop\sappredictiveanalysis.exe No File
FirewallRules: [{99EDF490-637C-43AC-9F13-4A7250F5CEDF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0007E957-4B5A-4314-8755-91FA71995FBE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{814D32AB-B28C-4A0D-BFA7-52BC66CCD8E1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{35240BEF-8581-414D-BF29-5A55B25D7DB6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FF8CDA2D-027A-409B-8160-78D2D96E3734}C:\users\matej\appdata\local\temp\temp1_msiproductreghelper31.zip\msiproductreghelper.exe] => (Allow) C:\users\matej\appdata\local\temp\temp1_msiproductreghelper31.zip\msiproductreghelper.exe No File
FirewallRules: [TCP Query User{A87F28E8-907D-4664-AA28-5FAA8C93F0F0}C:\users\matej\appdata\local\temp\temp1_msiproductreghelper31.zip\msiproductreghelper.exe] => (Allow) C:\users\matej\appdata\local\temp\temp1_msiproductreghelper31.zip\msiproductreghelper.exe No File
FirewallRules: [{F2206DE6-0D14-4261-AB24-34811173626D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D8F30375-3C72-454B-8118-32490EE41161}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{16C2767B-4249-4877-BC47-529F07F9AA8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{1A52BF34-C912-44B0-B9C8-D2C1ED08A3C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{004A46C5-9FC5-4084-B6FE-ACF744C2A616}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{4AC1C3B9-83A1-42AE-874A-98236B3093D2}] => (Allow) C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) [File not signed]
FirewallRules: [{E9DF5F09-314A-4C93-891E-69E72053E6CC}] => (Allow) C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) [File not signed]
FirewallRules: [TCP Query User{C7093E7D-54A1-4F1B-89A9-E97387FF9068}C:\users\matej\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\matej\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{BD4C61A6-B966-4F49-9DEA-08B86EC1CBCA}C:\users\matej\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\matej\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6655F949-6125-45EF-943D-26B56B697B4B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B5B8DBDA-CE72-46BE-B453-0DECAC007A99}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{53FD5C46-3509-4B09-983C-12F3CBA258F1}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{34B2DE71-4C42-4464-854D-60F0EFA69C63}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6F32E161-C017-4088-B88D-1815AFFB2B6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1E1A1659-AF50-45A2-A3CB-D1D912684779}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{683EEC04-FBCC-4087-8F7C-67C9D7D5A595}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{894C1DE8-C275-4633-884A-E0AFEA87717A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{83DE14DC-3986-4AC9-A3A0-FC7967E82F88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe (ConcernedApe) [File not signed]
FirewallRules: [{AE766422-798B-4004-8807-20C5B7C57DCB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{8F0E75BD-0681-4AB4-8DCF-7C04C362D54F}C:\program files (x86)\total war three kingdoms\three_kingdoms.exe] => (Block) C:\program files (x86)\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [UDP Query User{6825F6F1-F7CB-4F4F-9F66-AD4B58ED085D}C:\program files (x86)\total war three kingdoms\three_kingdoms.exe] => (Block) C:\program files (x86)\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{F1E853C7-FBFD-44DC-BC48-F295208D8331}] => (Allow) C:\Users\Matej\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F5F69316-2CB1-47F2-B882-CE0F86D82852}] => (Allow) C:\Users\Matej\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4851507E-CFD9-414A-8E76-2AB718AF633F}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

01-08-2019 14:52:04 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2019 08:53:44 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/08/2019 08:53:44 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/07/2019 08:03:20 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-QMQ3BRT)
Description: httphttp-2147467263

Error: (08/07/2019 08:03:12 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-QMQ3BRT)
Description: httphttp-2147467263

Error: (08/06/2019 01:23:37 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/06/2019 01:23:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/05/2019 09:38:12 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/05/2019 09:38:12 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (08/08/2019 09:20:40 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2019 08:58:51 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2019 08:35:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2019 08:34:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/08/2019 08:34:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/07/2019 08:03:32 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/07/2019 05:38:50 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/07/2019 05:38:12 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-08-07 10:32:06.486
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0C295BAB-11A7-4BE1-9BA3-E1EFCE32E57D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-06 19:32:03.918
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DFA4FA9D-0957-4567-951C-D779FBAD5DCC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-06 17:23:18.373
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A1AE0A18-C7C4-4805-9D5C-CD158A7832FC}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-06 13:53:21.500
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7F9A3656-BB66-42EE-8205-078C52205D00}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-05 20:19:55.562
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0BAC2A25-C8FD-4FB5-B023-BD6CC66BF7CD}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-26 08:31:40.733
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.484.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-07-18 14:33:29.938
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-18 14:33:29.933
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\Nahimic3DevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-18 14:33:29.924
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-18 14:33:26.248
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\Nahimic3DevProps2.dll that did not meet the Store signing level requirements.

Date: 2019-07-18 14:33:26.235
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Store signing level requirements.

Date: 2019-05-07 19:43:05.619
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\Nahimic3DevProps2.dll that did not meet the Store signing level requirements.

Date: 2019-05-07 19:43:05.612
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Store signing level requirements.

Date: 2019-05-07 02:19:25.485
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. E16Q2IMS.111 12/05/2018
Motherboard: Micro-Star International Co., Ltd. MS-16Q2
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 30%
Total physical RAM: 16230.78 MB
Available physical RAM: 11300.07 MB
Total Virtual: 18662.78 MB
Available Virtual: 11922.3 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.18 GB) (Free:149.16 GB) NTFS

\\?\Volume{e8093537-c30a-4149-a597-ef38ab14678e}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.48 GB) NTFS
\\?\Volume{bdd51151-22c4-48e6-bb71-2dbd94302ddc}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B5C93904)

Partition: GPT.

==================== End of Addition.txt ============================

[Conder]

Ahoj

Stiahni AdwCleaner: https://toolslib.net/downloads/finish/1/

• Uloz na plochu a ukonci vsetky programy
• Spusti AdwCleaner ako spravca
• Odsuhlas licencne podmienky
• Klikni na Skenovat nyni (Scan now) a pockaj na dokoncenie
• Nechaj zaskrtnute vsetky nalezy
• Klikni na Cisteni a opravy (Clean and Repair) a potvrd restart PC teraz
• Po restartovani PC sa otvori AdwCleaner, klikni na Zobrazit soubor protokolu
• Otvori sa log, jeho obsah sem skopiruj

[Matthew147]

Instapaper používám, to je zajímavé.



# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-08-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-11-2019
# Duration: 00:00:00
# OS: Windows 10 Home
# Cleaned: 2
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted Instapaper
Deleted KeyRocket for Gmail™

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1386 octets] - [11/08/2019 12:16:52]
AdwCleaner[S01].txt - [1447 octets] - [11/08/2019 12:17:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

[Conder]

Niektore programy mozu nainstalovat rozne doplnky/rozsirenia do prehliadacov aj bez vedomia uzivatela, pripadne ich nainstaluje sam uzivatel nedopatrenim/omylom. Odporucam skontrolovat nainstalovane rozsirenia v Chrome a odstranit tie, ktore nepoznas/nepouzivas.

Poprosim o obidva logy z FRST (FRST.txt a Addition.txt) podla tohto navodu: https://forum.viry.cz/viewtopic.php?f=13&t=154679

[Matthew147]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-08-2019
Ran by Matej (administrator) on DESKTOP-QMQ3BRT (Micro-Star International Co., Ltd. GS65 Stealth Thin 8RE) (13-08-2019 19:08:59)
Running from C:\Users\Matej\Downloads
Loaded Profiles: Matej (Available Profiles: Matej)
Platform: Windows 10 Home Version 1803 17134.885 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicService.exe
(A-Volute -> Nahimic) C:\Windows\System32\NahimicSvc64.exe
(A-Volute -> Nahimic) C:\Windows\SysWOW64\NahimicSvc32.exe
(F.lux Software LLC -> f.lux Software LLC) C:\Users\Matej\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_df4f60b1cae9b14a\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_component.inf_amd64_df4f60b1cae9b14a\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_de4e751ab44b3d66\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_base.inf_amd64_de4e751ab44b3d66\IntelCpHeciSvc.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.24.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
(Micro-Star International CO., LTD. -> ) C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
(Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe
(Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
(Notion Labs, Inc. -> Notion Labs, Incorporated) C:\Users\Matej\AppData\Local\Programs\Notion\Notion.exe
(Notion Labs, Inc. -> Notion Labs, Incorporated) C:\Users\Matej\AppData\Local\Programs\Notion\Notion.exe
(Notion Labs, Inc. -> Notion Labs, Incorporated) C:\Users\Matej\AppData\Local\Programs\Notion\Notion.exe
(Notion Labs, Inc. -> Notion Labs, Incorporated) C:\Users\Matej\AppData\Local\Programs\Notion\Notion.exe
(Notion Labs, Inc. -> Notion Labs, Incorporated) C:\Users\Matej\AppData\Local\Programs\Notion\Notion.exe
(Notion Labs, Inc. -> Notion Labs, Incorporated) C:\Users\Matej\AppData\Local\Programs\Notion\Notion.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(RescueTime, Inc.) [File not signed] C:\Program Files (x86)\RescueTime\RescueTime.exe
(Rivet Networks LLC -> CloudBees, Inc.) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe
(Rivet Networks LLC -> Rivet Networks LLC) C:\Windows\System32\drivers\RivetNetworks\Killer\xTendUtility.exe
(Rivet Networks LLC -> Rivet Networks) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Matej\AppData\Local\slack\app-4.0.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Matej\AppData\Local\slack\app-4.0.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Matej\AppData\Local\slack\app-4.0.1\slack.exe
(Slack Technologies, Inc. -> Slack Technologies) C:\Users\Matej\AppData\Local\slack\app-4.0.1\slack.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(ZenGuard GmbH -> ZenGuard GmbH) C:\Program Files\ZenMate 5\ZenMate.Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [833312 2019-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Run: [f.lux] => C:\Users\Matej\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46993264 2019-06-27] (Google LLC -> )
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\MountPoints2: {6842bd08-8d96-11e9-90f5-48a47204cb3e} - "D:\setup.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe [2019-08-08] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\76.0.67.125\Installer\chrmstp.exe [2019-08-13] (Brave Software, Inc.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2019-04-17]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS -> SteelSeries ApS)
Startup: C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2019-04-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2019-05-16]
ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) [File not signed]

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02FF9287-37CC-48DF-AE32-754DDD9026C3} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {09D1E981-3A7F-47A2-95F4-B5C2CB93C97D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1217D46B-B273-498E-89E5-882F8EBC1593} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450840 2019-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {13E95CEA-635E-49A5-82F0-E22985D06787} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16040355-746F-44AB-A90B-C9E229EAC5AD} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F09D35C-DEE7-4E07-B7C9-A2C68FB41608} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {2316A46B-19F7-4500-AB85-59AC7457D52D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206352 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A79465A-DB31-4228-A34E-0130F0804FEC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {2BF57E67-FAB6-47A9-8DA7-2A24B85CF45C} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\Matej\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {2C7E5F4D-D4BC-4B88-8D6C-47F191941663} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {320B8DA6-5540-407A-9515-D64096700099} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [6138664 2019-04-13] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
Task: {39CCBE24-B0D0-4C7D-BFA7-28ADC412E9A9} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {400B0B64-E935-42BA-8DB3-B1FCC0A1523B} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]
Task: {430C9DF8-5F70-4383-BB21-760B86040060} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16494464 2019-03-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {4729B776-CD4F-416B-AC7B-A506D15C4BEB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [154072 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {58750A82-6BB4-4E52-8C12-E1B4900E4FFF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5F843E76-EE12-407D-AF51-BB8E13275D69} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-17] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {61A919C5-CB1A-4621-8A5B-8EF3EBFC446B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2206352 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {691069DB-D509-49EB-B99B-8C017AB77BE5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6450840 2019-07-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C058FA4-1AB8-4F48-96CB-43E31A844E2C} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {72998902-70FC-463A-B35C-515378BBEDA5} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {84BAC296-E611-477C-8681-1B63B4E78061} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {8F3AB0A0-12A7-4494-A626-8286D065EDC0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {97C85384-01DD-4F00-8ECA-199B9710B06C} - System32\Tasks\NahimicTask64 => C:\WINDOWS\System32\.\NahimicSvc64.exe [882104 2018-10-31] (A-Volute -> Nahimic)
Task: {A7B1BAE1-5018-4E92-8BBD-EB097490E358} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302184 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {AABB60DF-B510-408B-84BC-FA388021ED5C} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {AB1A17A7-89E2-46C5-B850-49F1D83AD4F1} - System32\Tasks\NahimicTask32 => C:\WINDOWS\System32\..\SysWOW64\NahimicSvc32.exe [676792 2018-10-31] (A-Volute -> Nahimic)
Task: {B42E9F73-CEAB-43B3-A742-1E2AD9FEF12F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [154072 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFD35786-4107-413B-948D-92DC22884329} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C8184D86-2C7A-44AD-B535-653D9BFDEEBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {C96CC39D-EFD8-4B2D-BDCA-B20ECC6258EE} - System32\Tasks\NahimicSvc64Run => C:\Windows\System32\NahimicSvc64.exe [882104 2018-10-31] (A-Volute -> Nahimic)
Task: {CF302409-D72B-4D2C-8637-EE8E7BEEA925} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2318376 2019-07-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {D31C1029-5CF0-4EB0-A4C8-ADF2CBCEDEF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MpCmdRun.exe [469960 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DD178956-0469-4994-A2D7-354E68CADD1E} - System32\Tasks\NahimicSvc32Run => C:\Windows\SysWOW64\NahimicSvc32.exe [676792 2018-10-31] (A-Volute -> Nahimic)
Task: {E4DEBD37-1ED5-4DA7-A537-83CC6499FAFB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27351864 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {E80CD8A8-906F-4760-8637-BE847680E37C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EE8D0C74-5249-44CE-A3DC-D7688CA52B57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156456 2019-04-03] (Google Inc -> Google LLC)
Task: {FAB88457-85A6-43BF-A4CB-E2C43729385B} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {FC90E583-E856-4718-B4BB-93900F57180A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{71aa142b-bf0d-4f52-bbb5-f36ddddb56b3}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17swin10.msn.com/?pc=NSJE
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17swin10.msn.com/?pc=NSJE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2019-04-17] (Evernote Corporation -> Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-07-16] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: so9ru0hr.default
FF ProfilePath: C:\Users\Matej\AppData\Roaming\Mozilla\Firefox\Profiles\so9ru0hr.default [2019-07-01]
FF ProfilePath: C:\Users\Matej\AppData\Roaming\Mozilla\Firefox\Profiles\s9ombob0.default-release [2019-08-08]
FF Extension: (deprocrastination - block sites on Chrome) - C:\Users\Matej\AppData\Roaming\Mozilla\Firefox\Profiles\s9ombob0.default-release\Extensions\{b6425a68-cf3b-4285-b6a9-649f9fc0ec91}.xpi [2019-08-08]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-03] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.cz/
CHR StartupUrls: Default -> "hxxps://www.wunderlist.com/webapp#/lists/inbox/ ... _7%7Cmonth"
CHR DefaultSearchURL: Default -> hxxps://d3ki9tyy5l5ruj.cloudfront.net/obj/8897db9ac54fb68c74f76b4d3e2e753b524fca42/Favicon@3x.png
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default [2019-08-13]
CHR DownloadDir: C:\Users\Matej\Downloads
CHR Extension: (Slides) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-03]
CHR Extension: (Docs) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-03]
CHR Extension: (Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-03]
CHR Extension: (YouTube) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-03]
CHR Extension: (LINER - Web/PDF Highlighter) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhcbmnbenmcecpmpepghooflbehcack [2019-08-01]
CHR Extension: (Pushbullet) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2019-08-12]
CHR Extension: (uBlock Origin) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-23]
CHR Extension: (Adblock for Youtube™) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2019-04-05]
CHR Extension: (Mendeley Web Importer) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2019-08-12]
CHR Extension: (Reader View) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecabifbgmdmgdllomnfinbmaellmclnh [2019-05-28]
CHR Extension: (Sheets) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-03]
CHR Extension: (News Feed Eradicator for Facebook) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjcldmjmjhkklehbacihaiopjklihlgg [2019-04-05]
CHR Extension: (deprocrastination - block sites on Chrome) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gamblpaiplkihjneblbnoniddfockndi [2019-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-03]
CHR Extension: (Asana) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijpcmgkkjdlelnbnjmklkjpgcmamndb [2019-05-17]
CHR Extension: (Save to Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2019-04-05]
CHR Extension: (Grammarly for Chrome) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-11]
CHR Extension: (Notion Web Clipper) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\knheggckgoiihginacbkhaalnibhilkk [2019-07-04]
CHR Extension: (StayFocusd) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2019-04-05]
CHR Extension: (Momentum) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2019-08-04]
CHR Extension: (Instapaper) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjkgaaoikpmhmkelcgkgacicjfbofhh [2019-08-11]
CHR Extension: (DF Tube (Distraction Free for YouTube™)) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepdfccjgcndkmemponafgioodelna [2019-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-03]
CHR Extension: (Simple EPUB Reader) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2019-04-05]
CHR Extension: (TunnelBear VPN) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2019-04-05]
CHR Extension: (Gmail) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-08]
CHR Extension: (deprocrastination - block sites on Chrome) - C:\Users\Matej\Desktop\Software\depro [2019-08-13]
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-08-13]
CHR Extension: (Slides) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-30]
CHR Extension: (Docs) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-30]
CHR Extension: (Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-04-30]
CHR Extension: (YouTube) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-30]
CHR Extension: (uBlock Origin) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-07-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-27]
CHR Extension: (Sheets) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-30]
CHR Extension: (deprocrastination - block sites on Chrome) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gamblpaiplkihjneblbnoniddfockndi [2019-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-30]
CHR Extension: (Grammarly for Chrome) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-08-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-30]
CHR Extension: (Gmail) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-09]
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3 [2019-08-13]
CHR Extension: (Slides) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-07-17]
CHR Extension: (Docs) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-17]
CHR Extension: (Google Drive) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-17]
CHR Extension: (YouTube) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-07-17]
CHR Extension: (Sheets) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-07-17]
CHR Extension: (deprocrastination - block sites on Chrome) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gamblpaiplkihjneblbnoniddfockndi [2019-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-07-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-07-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-07-17]
CHR Extension: (Gmail) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-17]
CHR Extension: (Chrome Media Router) - C:\Users\Matej\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-09]
CHR Profile: C:\Users\Matej\AppData\Local\Google\Chrome\User Data\System Profile [2019-07-17]
CHR HKU\S-1-5-21-105526560-3629586505-1581754559-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [159368 2019-06-02] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11469920 2019-07-26] (Microsoft Corporation -> Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-11] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 Killer Network Service; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2484992 2018-09-05] (Rivet Networks LLC -> Rivet Networks)
R2 Micro Star SCM; C:\Windows\SysWOW64\MSIService.exe [160768 2009-07-10] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\MSIAPService.exe [47568 2018-10-30] (Micro-Star International CO., LTD. -> Micro-Star International Co., Ltd.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] (Intel Corporation -> )
R2 NahimicService; C:\WINDOWS\System32\NahimicService.exe [1216968 2018-10-31] (A-Volute -> Nahimic)
R2 RtkAudioUniversalService; C:\WINDOWS\System32\RtkAudUService64.exe [833312 2019-01-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
R2 Sendevsvc; C:\Program Files (x86)\MSI\Dragon Center\Sendevsvc\Sendevsvc.exe [302888 2019-01-30] (Micro-Star International CO., LTD. -> )
R2 SynTPEnhService; C:\WINDOWS\System32\SynTPEnhService.exe [399440 2018-08-30] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2302184 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\NisSrv.exe [2552416 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1907.4-0\MsMpEng.exe [108832 2019-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 xTendSoftAPService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendSoftAPService.exe [72952 2018-09-05] (Rivet Networks LLC -> CloudBees, Inc.)
R2 xTendUtilityService; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\xTendUtilityService.exe [72952 2018-09-05] (Rivet Networks LLC -> CloudBees, Inc.)
R2 ZenMate5Service; C:\Program Files\ZenMate 5\ZenMate.Service.exe [161232 2019-08-08] (ZenGuard GmbH -> ZenGuard GmbH)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel Corporation -> Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 iaStorAC; C:\WINDOWS\System32\drivers\iaStorAC.sys [942128 2018-02-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [72248 2018-02-12] (Intel(R) Rapid Storage Technology -> Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-11] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 KfeCoSvc; C:\WINDOWS\System32\drivers\RivetNetworks\Killer\KfeCo10X64.sys [154752 2018-09-05] (Rivet Networks LLC -> Rivet Networks, LLC.)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-12] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8646632 2018-01-25] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [8964216 2018-09-26] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
S3 nhi; C:\WINDOWS\System32\drivers\tbt100x.sys [137768 2018-03-30] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_28561576d9165991\nvlddmkm.sys [21657024 2019-04-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [47368 2018-03-30] (Synaptics Incorporated -> Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [56912 2018-08-30] (Synaptics Incorporated -> Synaptics Incorporated)
S3 ssbthid; C:\WINDOWS\System32\drivers\ssbthid.sys [43824 2017-12-15] (SteelSeries ApS -> )
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46776 2019-02-01] (SteelSeries ApS -> )
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48032 2019-02-01] (SteelSeries ApS -> SteelSeries ApS)
R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [41312 2019-02-01] (SteelSeries ApS -> )
S3 STTub30; C:\WINDOWS\System32\Drivers\STTub30.sys [54104 2017-12-15] (STMicroelectronics -> STMicroelectronics)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [47496 2019-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [344288 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54496 2019-07-26] (Microsoft Windows -> Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-12] (Micro-Star Int'l Co. Ltd. -> )
S3 WinRing0_1_2_0; \??\C:\Users\Matej\Desktop\Software\ThrottleStop\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-13 19:08 - 2019-08-13 19:09 - 000043704 _____ C:\Users\Matej\Downloads\FRST.txt
2019-08-13 19:08 - 2019-08-13 19:08 - 002097664 _____ (Farbar) C:\Users\Matej\Downloads\FRST64.exe
2019-08-13 12:23 - 2019-08-13 12:23 - 002058611 _____ C:\Users\Matej\Downloads\my-extension32.zip
2019-08-11 12:16 - 2019-08-11 12:18 - 000000000 ____D C:\AdwCleaner
2019-08-08 23:28 - 2019-08-09 10:09 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2019-08-08 23:05 - 2019-08-08 23:06 - 000000000 ____D C:\Program Files\TAP-Windows
2019-08-08 23:04 - 2019-08-10 17:35 - 000000000 ____D C:\Users\Matej\AppData\Local\ZenMate
2019-08-08 23:04 - 2019-08-08 23:06 - 000000000 ____D C:\Program Files\ZenMate 5
2019-08-08 23:04 - 2019-08-08 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZenMate 5
2019-08-08 09:54 - 2019-08-06 11:36 - 003459323 _____ C:\Users\Matej\Downloads\Gabriel Weinberg, Justin Mares - Traction_ a startup guide to getting customers-S-curves Publishing (2014).epub
2019-08-08 09:31 - 2019-08-13 19:08 - 000000000 ____D C:\FRST
2019-08-06 17:46 - 2019-08-07 20:03 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Plays
2019-08-06 17:46 - 2019-08-07 20:03 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plays.tv, Inc
2019-08-06 17:46 - 2019-08-07 20:03 - 000000000 ____D C:\Users\Matej\AppData\Local\Plays-ltc
2019-08-06 17:46 - 2019-08-07 20:03 - 000000000 ____D C:\Users\Matej\AppData\Local\Plays
2019-07-29 09:54 - 2019-07-29 11:04 - 000000000 ____D C:\Users\Matej\AppData\Roaming\ScreenToGif
2019-07-24 14:34 - 2019-08-08 17:22 - 000000000 ____D C:\Program Files (x86)\Icecream Ebook Reader
2019-07-24 14:34 - 2019-07-24 14:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Ebook Reader
2019-07-24 14:32 - 2019-07-24 14:39 - 000000000 ____D C:\Users\Matej\AppData\LocalLow\BitTorrent
2019-07-24 14:30 - 2019-07-24 14:40 - 000000000 ____D C:\Users\Matej\AppData\Roaming\BitTorrent
2019-07-24 14:30 - 2019-07-24 14:30 - 000000903 _____ C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2019-07-22 15:47 - 2019-07-22 15:47 - 000000761 _____ C:\Users\Matej\Desktop\Downloads.lnk
2019-07-18 15:18 - 2019-08-08 09:54 - 000000000 ____D C:\Users\Matej\.ebookreader
2019-07-18 15:18 - 2019-07-18 15:18 - 000000000 ____D C:\Users\Matej\AppData\Local\Icecream
2019-07-18 15:18 - 2019-07-18 15:18 - 000000000 ____D C:\Users\Matej\AppData\Local\CrashRpt
2019-07-16 18:28 - 2019-08-13 12:16 - 000212992 _____ C:\WINDOWS\system32\ClickToRun_Pipeline16
2019-07-16 15:16 - 2019-07-16 15:16 - 000000000 ____D C:\Users\Matej\AppData\Roaming\The Creative Assembly
2019-07-16 12:57 - 2019-07-16 12:57 - 000000000 ____D C:\Users\Matej\AppData\Local\ElevatedDiagnostics
2019-07-16 12:54 - 2019-07-16 12:54 - 000000335 _____ C:\Users\Matej\Desktop\computer.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-13 18:50 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-08-13 18:38 - 2019-04-23 19:24 - 000000000 ____D C:\ProgramData\Common
2019-08-13 18:19 - 2019-05-16 23:09 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Notion
2019-08-13 18:02 - 2019-05-07 02:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-08-13 15:11 - 2019-06-16 22:42 - 000000000 ____D C:\Program Files (x86)\Steam
2019-08-13 14:13 - 2019-04-17 17:30 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Slack
2019-08-13 13:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-08-13 12:57 - 2019-04-29 17:35 - 000000000 ___RD C:\Google Drive
2019-08-13 12:27 - 2019-06-02 04:02 - 000002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2019-08-13 12:25 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-08-13 12:25 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-08-13 12:22 - 2019-05-07 02:21 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-08-13 12:22 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2019-08-13 12:16 - 2019-05-07 02:18 - 000003112 _____ C:\WINDOWS\System32\Tasks\NahimicTask32
2019-08-13 12:16 - 2019-05-07 02:18 - 000003092 _____ C:\WINDOWS\System32\Tasks\NahimicTask64
2019-08-13 12:16 - 2019-05-07 02:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-08-13 12:16 - 2019-04-03 01:45 - 000000000 __SHD C:\Users\Matej\IntelGraphicsProfiles
2019-08-13 12:16 - 2018-03-31 01:13 - 000000000 ____D C:\ProgramData\NVIDIA
2019-08-12 18:25 - 2018-04-11 23:04 - 000262144 _____ C:\WINDOWS\system32\config\BBI
2019-08-12 18:21 - 2019-07-03 09:35 - 000000000 ____D C:\Games
2019-08-12 17:29 - 2019-06-16 22:21 - 000000000 ____D C:\Users\Matej\AppData\Local\D3DSCache
2019-08-11 23:40 - 2019-07-01 20:56 - 000000000 ____D C:\Users\Matej\AppData\Roaming\StardewValley
2019-08-11 22:08 - 2019-06-25 22:25 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Discord
2019-08-11 12:23 - 2019-04-17 17:16 - 000000000 ____D C:\Users\Matej\Desktop\Software
2019-08-08 22:51 - 2019-04-03 01:48 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-08-08 22:51 - 2019-04-03 01:48 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-08-08 15:57 - 2019-06-02 04:07 - 000000000 ____D C:\Users\Matej\AppData\LocalLow\Mozilla
2019-08-08 15:39 - 2019-07-01 08:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-08-08 15:39 - 2019-07-01 08:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-08-08 11:11 - 2019-05-16 22:05 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Spotify
2019-08-08 10:48 - 2019-04-30 18:38 - 000000000 ____D C:\Users\Matej\AppData\Roaming\FileZilla
2019-08-08 10:45 - 2019-04-30 18:38 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2019-08-08 10:45 - 2019-04-30 18:38 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2019-08-08 10:42 - 2019-04-30 18:38 - 000000000 ____D C:\Users\Matej\AppData\Local\FileZilla
2019-08-08 09:47 - 2019-04-03 01:45 - 000000000 ____D C:\Users\Matej\AppData\Local\Packages
2019-08-06 17:46 - 2019-04-17 17:30 - 000000000 ____D C:\Users\Matej\AppData\Local\SquirrelTemp
2019-08-06 11:40 - 2019-04-30 18:51 - 000000000 ____D C:\Users\Matej\.atom
2019-08-06 09:15 - 2019-05-16 22:08 - 000000000 ____D C:\Users\Matej\AppData\Local\Spotify
2019-08-05 08:50 - 2019-07-04 18:13 - 000002258 _____ C:\Users\Matej\Desktop\Notion.lnk
2019-08-05 08:05 - 2019-04-28 20:27 - 000000000 ____D C:\Users\Matej\AppData\Local\SAP
2019-08-04 17:39 - 2018-03-31 01:17 - 000000000 ____D C:\ProgramData\A-Volute
2019-08-02 20:22 - 2019-04-04 08:42 - 000000000 ____D C:\Program Files\rempl
2019-07-31 11:10 - 2019-04-08 07:23 - 000000001 _____ C:\Users\Public\Documents\dgc_DC.txt
2019-07-29 09:18 - 2019-04-17 18:07 - 000000000 ____D C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2019-07-29 09:18 - 2019-04-17 18:07 - 000000000 ____D C:\Users\Matej\AppData\Local\slack
2019-07-29 09:10 - 2019-04-23 19:52 - 000000000 ____D C:\Program Files\Microsoft Office
2019-07-29 09:10 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-07-26 12:59 - 2019-04-05 22:34 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-07-23 18:41 - 2019-04-03 01:45 - 000000000 ____D C:\Users\Matej\AppData\Local\PlaceholderTileLogoFolder
2019-07-22 17:54 - 2019-06-27 10:47 - 000000000 ____D C:\Users\Matej\AppData\Local\Pushbullet
2019-07-18 15:18 - 2019-05-07 02:16 - 000000000 ____D C:\Users\Matej
2019-07-16 12:53 - 2019-07-03 09:42 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2019-07-16 12:53 - 2019-07-03 09:42 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2019-07-15 00:26 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-07-14 16:47 - 2019-05-07 02:18 - 000000000 ___RD C:\Users\Matej\3D Objects
2019-07-14 16:47 - 2017-10-19 14:14 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-07-14 00:05 - 2019-05-07 02:15 - 000408440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellComponents
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2019-07-14 00:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-07-14 00:05 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2019
Ran by Matej (13-08-2019 19:09:52)
Running from C:\Users\Matej\Downloads
Windows 10 Home Version 1803 17134.885 (X64) (2019-05-07 00:18:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-105526560-3629586505-1581754559-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-105526560-3629586505-1581754559-503 - Limited - Disabled)
Guest (S-1-5-21-105526560-3629586505-1581754559-501 - Limited - Disabled)
Matej (S-1-5-21-105526560-3629586505-1581754559-1001 - Administrator - Enabled) => C:\Users\Matej
WDAGUtilityAccount (S-1-5-21-105526560-3629586505-1581754559-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Atom (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\atom) (Version: 1.38.2 - GitHub Inc.)
Backup and Sync from Google (HKLM\...\{768C0072-2FD2-4934-9824-B2A1E81AEA5D}) (Version: 3.45.5545.5747 - Google, Inc.)
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1505.2901 - Micro-Star International Co., Ltd.)
BitTorrent (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\BitTorrent) (Version: 7.10.5.45272 - BitTorrent Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 76.0.67.125 - Brave Software Inc)
CCleaner (HKLM\...\CCleaner) (Version: 5.55 - Piriform)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.5 - Ursa Minor Ltd)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0939 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.5.1904.1201 - Micro-Star International Co., Ltd.) Hidden
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 2.5.1904.1201 - Micro-Star International Co., Ltd.)
Evernote v. 6.17.7 (HKLM-x32\...\{B47B6F80-6143-11E9-9F8E-005056951CAD}) (Version: 6.17.7.8474 - Evernote Corp.)
f.lux (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Flux) (Version: - f.lux Software LLC)
FileZilla Client 3.43.0 (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\FileZilla Client) (Version: 3.43.0 - Tim Kosse)
Git version 2.22.0.windows.1 (HKLM\...\Git_is1) (Version: 2.22.0.windows.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.100 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Icecream Ebook Reader version 5.12 (HKLM-x32\...\{B8C30F0F-1F23-49E1-A3ED-44DE17660EE2}_is1) (Version: 5.12 - Icecream Apps)
Intel(R) Chipset Device Software (HKLM-x32\...\{55d73ea7-6354-42db-8831-02d048ae57f8}) (Version: 10.1.17541.8066 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1808.12.0.1102 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4974 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000030-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.30.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\3498B7189B13CBC3673674CD226F4540F628CCB8) (Version: 1.1.5.0 - ENE TECHNOLOGY INC.)
Microsoft Office 365 - cs-cz (HKLM\...\O365HomePremRetail - cs-cz) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11901.20176 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 67.0.4 (x64 cs) (HKLM\...\Mozilla Firefox 67.0.4 (x64 cs)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
Node.js (HKLM\...\{E3C2DC65-9DCA-4422-BDDE-0489B89A16D2}) (Version: 10.16.0 - Node.js Foundation)
Notion 1.0.8 (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 1.0.8 - Notion Labs, Incorporated)
NVIDIA HD Audio Driver 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11901.20176 - Microsoft Corporation) Hidden
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8383 - Realtek Semiconductor Corp.)
RescueTime 2.14.2.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
Slack (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\slack) (Version: 4.0.1 - Slack Technologies)
Spotify (HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\Spotify) (Version: 1.1.12.449.g4109e645 - Spotify AB)
SteelSeries Engine 3.14.0 (HKLM\...\SteelSeries Engine 3) (Version: 3.14.0 - SteelSeries ApS)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Thunderbolt™ Software (HKLM-x32\...\{B43DE90F-2638-4FCC-982E-383200E80797}) (Version: 17.3.74.400 - Intel Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
ZenMate 5 (HKLM\...\ZenMate 5) (Version: 5.0.1.4733 - ZenGuard GmbH)

Packages:
=========
Killer Control Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_1.6.2163.0_x64__rh07ty8m5nkag [2019-05-07] (Rivet Networks LLC)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-03] (Microsoft Corporation) [MS Ad]
Nahimic -> C:\Program Files\WindowsApps\A-Volute.Nahimic_1.3.2.0_x64__w2gh52qy24etm [2019-08-02] (A-Volute)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.168.0_x64__dt26b99r8h8gj [2019-04-07] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-27] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-06-13] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-27] (Google LLC -> Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\cui_component.inf_amd64_df4f60b1cae9b14a\igfxDTCM.dll [2018-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Matej\Desktop\Software\Asana.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=gijpcmgkkjdlelnbnjmklkjpgcmamndb
ShortcutWithArgument: C:\Users\Matej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simple EPUB Reader.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ojhbgcchcbdjdenibfmjofobklkkhofc
ShortcutWithArgument: C:\Users\Matej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Social Media - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\Matej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Work - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Matej\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Fun - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2019-08-13 18:19 - 2019-08-13 18:19 - 001953792 _____ () [File not signed] \\?\C:\Users\Matej\AppData\Local\Temp\05ec82a4-9d5d-4702-956d-cb6db1ee10ef.tmp.node
2019-08-13 18:19 - 2019-08-13 18:19 - 000490496 _____ () [File not signed] \\?\C:\Users\Matej\AppData\Local\Temp\36296da4-ef09-40c4-832b-c2a4892aeded.tmp.node
2019-05-16 23:09 - 2019-08-03 00:43 - 001955328 _____ () [File not signed] C:\Users\Matej\AppData\Local\Programs\Notion\ffmpeg.dll
2019-05-16 23:09 - 2019-08-03 00:43 - 000017920 _____ () [File not signed] C:\Users\Matej\AppData\Local\Programs\Notion\libegl.dll
2019-05-16 23:09 - 2019-08-03 00:43 - 003687936 _____ () [File not signed] C:\Users\Matej\AppData\Local\Programs\Notion\libglesv2.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 000113664 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\_ctypes.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000173568 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\_elementtree.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 001800192 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\_hashlib.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000032256 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\_multiprocessing.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000046080 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\_psutil_windows.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000047616 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\_socket.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 002230784 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\_ssl.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000026112 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\_yappi.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000080896 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\bz2.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 006277632 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\cello.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000014848 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\common.time34.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000007680 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\hashobjs_ext.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000301568 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\PIL._imaging.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000169472 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\pyexpat.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 001084416 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\pysqlite2._sqlite.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000548864 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\pythoncom27.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 000137728 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\pywintypes27.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 000010752 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\select.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000020992 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\thumbnails_ext.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000689664 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\unicodedata.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000118784 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\usb_ext.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000128512 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32api.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000438784 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32com.shell.shell.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000011776 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32crypt.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000023040 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32event.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000149504 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32file.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000223232 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32gui.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000048128 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32inet.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000029696 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32pdh.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000027648 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32pipe.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000044032 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32process.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000020480 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32profile.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000136192 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32security.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000026624 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\win32ts.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000034304 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\windows.conditional.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000038400 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\windows.connectivity.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000073216 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\windows.device_monitor.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000110592 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\windows.volumes.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000020480 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\windows.winwrap.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 001325056 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wx._controls_.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 001489408 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wx._core_.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 001007104 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wx._gdi_.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000103424 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wx._html2.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 000916992 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wx._misc_.pyd
2019-08-13 12:16 - 2019-08-13 12:16 - 001039872 _____ () [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wx._windows_.pyd
2018-04-25 22:30 - 2018-04-25 22:30 - 000240128 _____ (A-Volute) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\NahimicAPI.dll
2018-11-23 17:01 - 2018-11-23 17:01 - 000438784 _____ (A-Volute) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\YooMixCOM.dll
2019-04-23 19:52 - 2019-04-23 19:52 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2019-04-23 19:52 - 2019-04-23 19:52 - 000000000 ____L (Microsoft Corporation) C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2016-08-11 06:34 - 2016-08-11 06:34 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\MSIAPP_Service\WinIo64.dll
2015-06-12 05:35 - 2015-06-12 05:35 - 000047816 _____ (MICRO-STAR INTERNATIONAL CO., LTD -> www.internals.com) [File not signed] C:\Program Files (x86)\MSI\Dragon Center\WinIo64.dll
2009-07-10 00:54 - 2009-07-10 00:54 - 000160768 _____ (Micro-Star International Co., Ltd.) [File not signed] C:\Windows\SysWOW64\MSIService.exe
2019-05-16 23:09 - 2019-08-03 00:43 - 017861632 _____ (Node.js) [File not signed] C:\Users\Matej\AppData\Local\Programs\Notion\node.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 003042304 _____ (Python Software Foundation) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\python27.dll
2019-05-16 21:59 - 2018-12-07 21:51 - 003109888 _____ (RescueTime, Inc.) [File not signed] C:\Program Files (x86)\RescueTime\RescueTime.exe
2019-08-13 12:16 - 2019-08-13 12:16 - 000202240 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wxbase30u_net_vc90_x64.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 002831872 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wxbase30u_vc90_x64.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 001654784 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wxmsw30u_adv_vc90_x64.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 006542336 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wxmsw30u_core_vc90_x64.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 000773632 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wxmsw30u_html_vc90_x64.dll
2019-08-13 12:16 - 2019-08-13 12:16 - 000137216 _____ (wxWidgets development team) [File not signed] C:\Users\Matej\AppData\Local\Temp\_MEI98362\wxmsw30u_webview_vc90_x64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\sharepoint.com -> hxxps://vse-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 15:46 - 2017-09-29 15:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\StartupFolder: => "SteelSeries Engine 3.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\StartupApproved\Run: => "com.squirrel.slack.slack"
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{98E34F87-711F-48B0-8D52-522AC59561E6}C:\program files\sap predictive analytics\desktop\expert\desktop\sappredictiveanalysis.exe] => (Allow) C:\program files\sap predictive analytics\desktop\expert\desktop\sappredictiveanalysis.exe No File
FirewallRules: [TCP Query User{56D57F84-A3D0-404B-A9B7-BA53DCA8721B}C:\program files\sap predictive analytics\desktop\expert\desktop\sappredictiveanalysis.exe] => (Allow) C:\program files\sap predictive analytics\desktop\expert\desktop\sappredictiveanalysis.exe No File
FirewallRules: [{99EDF490-637C-43AC-9F13-4A7250F5CEDF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0007E957-4B5A-4314-8755-91FA71995FBE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{814D32AB-B28C-4A0D-BFA7-52BC66CCD8E1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{35240BEF-8581-414D-BF29-5A55B25D7DB6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{FF8CDA2D-027A-409B-8160-78D2D96E3734}C:\users\matej\appdata\local\temp\temp1_msiproductreghelper31.zip\msiproductreghelper.exe] => (Allow) C:\users\matej\appdata\local\temp\temp1_msiproductreghelper31.zip\msiproductreghelper.exe No File
FirewallRules: [TCP Query User{A87F28E8-907D-4664-AA28-5FAA8C93F0F0}C:\users\matej\appdata\local\temp\temp1_msiproductreghelper31.zip\msiproductreghelper.exe] => (Allow) C:\users\matej\appdata\local\temp\temp1_msiproductreghelper31.zip\msiproductreghelper.exe No File
FirewallRules: [{F2206DE6-0D14-4261-AB24-34811173626D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D8F30375-3C72-454B-8118-32490EE41161}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{16C2767B-4249-4877-BC47-529F07F9AA8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{1A52BF34-C912-44B0-B9C8-D2C1ED08A3C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe No File
FirewallRules: [{004A46C5-9FC5-4084-B6FE-ACF744C2A616}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{4AC1C3B9-83A1-42AE-874A-98236B3093D2}] => (Allow) C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) [File not signed]
FirewallRules: [{E9DF5F09-314A-4C93-891E-69E72053E6CC}] => (Allow) C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.) [File not signed]
FirewallRules: [TCP Query User{C7093E7D-54A1-4F1B-89A9-E97387FF9068}C:\users\matej\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\matej\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{BD4C61A6-B966-4F49-9DEA-08B86EC1CBCA}C:\users\matej\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\matej\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6655F949-6125-45EF-943D-26B56B697B4B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B5B8DBDA-CE72-46BE-B453-0DECAC007A99}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{53FD5C46-3509-4B09-983C-12F3CBA258F1}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{34B2DE71-4C42-4464-854D-60F0EFA69C63}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6F32E161-C017-4088-B88D-1815AFFB2B6F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1E1A1659-AF50-45A2-A3CB-D1D912684779}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{683EEC04-FBCC-4087-8F7C-67C9D7D5A595}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{894C1DE8-C275-4633-884A-E0AFEA87717A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe No File
FirewallRules: [{83DE14DC-3986-4AC9-A3A0-FC7967E82F88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe No File
FirewallRules: [TCP Query User{8F0E75BD-0681-4AB4-8DCF-7C04C362D54F}C:\program files (x86)\total war three kingdoms\three_kingdoms.exe] => (Block) C:\program files (x86)\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [UDP Query User{6825F6F1-F7CB-4F4F-9F66-AD4B58ED085D}C:\program files (x86)\total war three kingdoms\three_kingdoms.exe] => (Block) C:\program files (x86)\total war three kingdoms\three_kingdoms.exe No File
FirewallRules: [{F1E853C7-FBFD-44DC-BC48-F295208D8331}] => (Allow) C:\Users\Matej\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F5F69316-2CB1-47F2-B882-CE0F86D82852}] => (Allow) C:\Users\Matej\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D15CC9BA-7E62-436A-8D36-FD5B95423FCE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{F914ED9F-C735-4763-8288-63534F0802F0}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Restore Points =========================

01-08-2019 14:52:04 Scheduled Checkpoint
11-08-2019 11:58:20 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2019 03:12:08 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-QMQ3BRT)
Description: httphttp-2147467263

Error: (08/13/2019 03:11:29 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-QMQ3BRT)
Description: httphttp-2147467263

Error: (08/13/2019 12:36:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/13/2019 12:36:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/12/2019 10:31:53 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/12/2019 10:31:53 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/10/2019 05:53:01 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (08/10/2019 05:53:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (08/13/2019 06:07:35 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2019 06:02:31 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2019 06:02:27 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2019 03:11:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2019 02:13:53 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2019 02:11:31 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2019 01:18:57 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/13/2019 12:22:52 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QMQ3BRT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-QMQ3BRT\Matej SID (S-1-5-21-105526560-3629586505-1581754559-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2019-08-13 18:54:48.244
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0B339B05-4CCC-4396-A532-FEBF069B9498}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-12 17:18:17.357
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C77C3622-4C6D-47DF-96F3-925ED27F2CE4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-12 15:23:55.655
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5B19E42E-A2C5-4A39-B90B-F2C91470274A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-11 11:59:41.324
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {656008DC-7A11-4581-BB14-697BC2F65008}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-08-07 10:32:06.486
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {0C295BAB-11A7-4BE1-9BA3-E1EFCE32E57D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-07-26 08:31:40.733
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.299.484.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16200.1
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-07-18 14:33:29.938
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-18 14:33:29.933
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\Nahimic3DevProps2.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-18 14:33:29.924
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Microsoft signing level requirements.

Date: 2019-07-18 14:33:26.248
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\Nahimic3DevProps2.dll that did not meet the Store signing level requirements.

Date: 2019-07-18 14:33:26.235
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Store signing level requirements.

Date: 2019-05-07 19:43:05.619
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\Nahimic3DevProps2.dll that did not meet the Store signing level requirements.

Date: 2019-05-07 19:43:05.612
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Store signing level requirements.

Date: 2019-05-07 02:19:25.485
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\ProgramData\A-Volute\A-Volute.Nahimic\Modules\Scheduled\x64\NahimicOSD.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. E16Q2IMS.111 12/05/2018
Motherboard: Micro-Star International Co., Ltd. MS-16Q2
Processor: Intel(R) Core(TM) i7-8750H CPU @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 16230.78 MB
Available physical RAM: 7805.88 MB
Total Virtual: 18662.78 MB
Available Virtual: 7297.97 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:237.18 GB) (Free:149.49 GB) NTFS

\\?\Volume{e8093537-c30a-4149-a597-ef38ab14678e}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.48 GB) NTFS
\\?\Volume{bdd51151-22c4-48e6-bb71-2dbd94302ddc}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: B5C93904)

Partition: GPT.

==================== End of Addition.txt ============================

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
  HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\MountPoints2: {6842bd08-8d96-11e9-90f5-48a47204cb3e} - "D:\setup.exe" 
  HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17swin10.msn.com/?pc=NSJE
  HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17swin10.msn.com/?pc=NSJE
  S3 WinRing0_1_2_0; \??\C:\Users\Matej\Desktop\Software\ThrottleStop\WinRing0x64.sys [X]
  2019-07-16 12:53 - 2019-07-03 09:42 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
  CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
  CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
  CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
  ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
  ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
  ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
  ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
  ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
  ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
  ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
  ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
  ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
  ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
  ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
  ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
  ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
  ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
  ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
  
  Hosts:
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

[Matthew147]

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-08-2019
Ran by Matej (18-08-2019 12:27:36) Run:1
Running from C:\Users\Matej\Desktop
Loaded Profiles: Matej (Available Profiles: Matej)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\...\MountPoints2: {6842bd08-8d96-11e9-90f5-48a47204cb3e} - "D:\setup.exe"
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17swin10.msn.com/?pc=NSJE
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17swin10.msn.com/?pc=NSJE
S3 WinRing0_1_2_0; \??\C:\Users\Matej\Desktop\Software\ThrottleStop\WinRing0x64.sys [X]
2019-07-16 12:53 - 2019-07-03 09:42 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Matej\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 307
Average :
Sum : 209515891
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

HKU\S-1-5-21-105526560-3629586505-1581754559-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6842bd08-8d96-11e9-90f5-48a47204cb3e} => removed successfully
HKLM\Software\Classes\CLSID\{6842bd08-8d96-11e9-90f5-48a47204cb3e} => not found
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-105526560-3629586505-1581754559-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0 => removed successfully
WinRing0_1_2_0 => service removed successfully
C:\WINDOWS\msdownld.tmp => moved successfully
HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => removed successfully
HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => removed successfully
HKU\S-1-5-21-105526560-3629586505-1581754559-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 45516385 B
Java, Flash, Steam htmlcache => 394940363 B
Windows/system/drivers => 6943279 B
Edge => 607831 B
Chrome => 974988682 B
Firefox => 95727637 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 222802 B
NetworkService => 0 B
Matej => 101327532 B

RecycleBin => 10876770920 B
EmptyTemp: => 11.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:28:42 ====

[Conder]

Ako to vyzera s PC? Su nejake problemy?

[Matthew147]

Omlouvám se za pozdní odpovědi,
jsem vždy celý týden mimo.

Ne, laptop je v pořádku a všechno běží, jak má.

Děkuji mockrát,
Matěj.

[Conder]

Tak este upraceme po pouzitych nastrojoch:

• Stiahni DelFix: https://toolslib.net/downloads/finish/2-delfix/
• Uloz na plochu a spusti
• Nechaj oznacenu moznost "Remove disinfection tools"
• Klikni na "Run"