PC virus removal, computer speed-up, and remote assistance through the neslape.cz service

FRST log check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
michi_trung
Visitor
Posts: 21
Registered: 22 Jan 2014 11:55

FRST log check

#1 Post by michi_trung »

Hello,
I would like to have my logs checked. For the past week, my computer has been randomly disconnecting from the internet for 1-3 seconds and then reconnecting. It happens regularly every 1-3 hours. I had two PCs connected via ethernet and the outage occurs only on my computer.

FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2019
Ran by micha (administrator) on DESKTOP-D6F6QG1 (Micro-Star International Co., Ltd MS-7A34) (29-06-2019 15:26:36)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Platform: Windows 10 Pro Version 1809 17763.557 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19061.410.0_x64__8wekyb3d8bbwe\YourPhone.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9063712 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe [1150648 2017-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [f.lux] => C:\Users\micha\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [25386912 2019-06-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [Vivaldi Update Notifier] => "C:\Users\micha\AppData\Local\Vivaldi\Application\update_notifier.exe"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\MountPoints2: {40419117-8b9d-11e9-9125-309c230e2015} - "F:\startme.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\Installer\chrmstp.exe [2019-06-27] (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0423729D-EBEA-48DA-824B-5CDB6CFD0E9F} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [661240 2018-08-02] (Advanced Micro Devices Inc. -> )
Task: {1B21FDF9-EB67-41DD-9615-E51573AC92BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C04DCD6-A19D-40CB-B139-4720C5400A7F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572808 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20254801-F25B-406C-90C0-DC4922917D69} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {301571E8-0A1C-49BD-8CDC-DC948D864F9A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724680 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31CCFE3A-F4DA-49A5-B5D7-66A5F03F0282} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-38818341-3388588964-4190228223-1001 => C:\Users\micha\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-20] (Mega Limited -> Mega Limited)
Task: {3ECCC203-D7BE-4DF3-98C2-29F68878AA19} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
Task: {43218A25-38E1-498B-A890-DB4F3AB60B88} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {45A3053C-ED25-4DFB-A0F4-B5908F51AB29} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B55F0F1-1C55-47A2-BB12-B25EB8ED5D6D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F6474DD-2C9E-419B-89F2-1C88E42E6943} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {528CC7FC-CA4B-4E4F-A869-665422BAF44E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702856 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5DF08315-B107-4A7A-BE58-4B03DAC38A00} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [332912 2018-11-07] (NZXT -> )
Task: {5E886EC2-98A6-4C9A-8ACE-9ACFDDDEBC86} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {635545C6-4B85-46B6-B5F5-8D4D8566B528} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {7968D3E2-AB37-4ACE-83A2-BA245CAC40CE} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {8D22E1DE-283F-497F-85A6-B1E876A8985B} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {A03783BC-34FD-4312-83EB-1E39A45FFCB1} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A38B9AA8-F4F0-47D9-B871-9DAAE24BBC89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16467424 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AF1CBB6A-76C4-4DC6-B248-31E5FD78D0ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-24] (Google Inc -> Google Inc.)
Task: {AFF61958-49D7-45A1-9D3B-E5BF18B00583} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF90CE64-B666-4638-95DC-7A1E1FBEA937} - System32\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {C77E751A-91A0-46AE-882D-9E43CC7709F2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D03E1B6E-F5EF-4333-9923-952327330BD0} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3353784 2018-07-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {D047D3FD-F387-4FBF-8474-9D7B20531655} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-24] (Google Inc -> Google Inc.)
Task: {D466CC99-FA00-428B-B1E4-9EC680E55993} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {D63472F2-C507-40E8-970E-A17A3E84885E} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)
Task: {D9F39606-E84C-4A8F-B944-9FA047205ED3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {E5A43161-891D-4890-BB61-081DB2C50C83} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2179145-EA09-4F98-A265-1FCCDD7F293C} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F84E7356-A3BC-4911-95F7-9AE1613EF967} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
Task: C:\Windows\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{0440be48-4edf-4eba-964c-9eecfd98950a}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{56db64ee-b847-4229-ba2e-fb8c18985a54}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: qqp4w2aq.default
FF ProfilePath: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default [2019-06-29]
FF Extension: (Avast Passwords) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-12-15] [UpdateUrl:hxxps://pamcdn.avast.com/pamcdn/extensions/firefox/update.json]
FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\sp@avast.com.xpi [2018-12-19]
FF Extension: (uBlock Origin) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\uBlock0@raymondhill.net.xpi [2018-12-16]
FF Extension: (Avast Online Security) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\wrc@avast.com.xpi [2018-06-24]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2019-06-29]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-24]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-24]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-24]
CHR Extension: (uBlock Origin) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-06-21]
CHR Extension: (Avast Passwords) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2019-05-15]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Avast Online Security) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-06]
CHR Extension: (Heap Poznámka) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpiejadkdojdbfgfocaoahhbepnlpph [2018-06-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-24]
CHR Extension: (Material Simple Dark Grey) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2019-05-15]
CHR Extension: (Click&Clean App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2019-06-23]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\elevation_service.exe [978720 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2018-03-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-05-07] (Logitech Inc -> Logitech Inc.)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343608 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507960 2018-11-30] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2742968 2018-08-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2191032 2018-12-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SWGVCSvc; C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe [325632 2017-04-28] (SonicWall Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-05-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34568 2019-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriverV13; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [71152 2018-11-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169112 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030992 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387392 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [327976 2015-10-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34496 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30416 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2018-10-24] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc -> Logitech Inc.)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edcffbdd101bbe5b\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1122200 2018-08-30] (Realtek Semiconductor Corp. -> Realtek )
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-02-03] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-29 15:26 - 2019-06-29 15:27 - 000032570 _____ C:\Users\micha\Desktop\FRST.txt
2019-06-29 15:25 - 2019-06-29 15:25 - 002418688 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2019-06-29 14:29 - 2019-06-29 14:29 - 000000000 ____D C:\Windows\pss
2019-06-29 14:12 - 2019-06-29 14:47 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-06-29 14:11 - 2019-06-29 14:19 - 000498890 _____ C:\Windows\ntbtlog.txt
2019-06-29 02:46 - 2019-06-29 02:46 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-29 02:46 - 2019-06-29 02:46 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-29 02:46 - 2019-06-29 02:46 - 000169112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-24 00:28 - 2019-06-24 00:28 - 002622054 _____ C:\Users\micha\Documents\Untitled 1.bmp
2019-06-21 10:05 - 2019-06-21 10:05 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2019-06-21 10:05 - 2019-06-21 10:05 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2019-06-20 11:48 - 2019-06-20 11:48 - 000000000 ____D C:\Program Files\UNP
2019-06-17 23:40 - 2019-06-17 23:40 - 000287204 _____ C:\Users\micha\Downloads\video-1558264822.mp4
2019-06-17 23:40 - 2019-06-17 23:40 - 000199449 _____ C:\Users\micha\Downloads\video-1557745420.mp4
2019-06-17 23:40 - 2019-06-17 23:40 - 000129305 _____ C:\Users\micha\Downloads\video-1559137326.mp4
2019-06-17 23:39 - 2019-06-17 23:39 - 000390979 _____ C:\Users\micha\Downloads\video-1558546587.mp4
2019-06-17 20:15 - 2019-06-17 20:15 - 000105486 _____ C:\Users\micha\Downloads\ticket-ID0B6B.pdf
2019-06-13 21:41 - 2019-06-13 21:41 - 000000022 _____ C:\Users\micha\Downloads\MEGA-RECOVERYKEY.txt
2019-06-12 18:34 - 2019-06-12 18:34 - 001993528 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\Users\micha\Documents\Sony
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\Users\micha\AppData\Roaming\Apple Computer
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-06-11 23:35 - 2019-06-11 23:35 - 050616672 _____ (Sony) C:\Users\micha\AppData\Local\pcc.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 026808320 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 023438336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 022114960 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 020816384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 018999296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 012869120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 012162048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 007875072 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006547144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006309256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006068224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 005588184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 005210904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004997096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004883968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004661760 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 003906560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 003385344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003363640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 003091968 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002926096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002653696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002422272 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002323696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002085168 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001929216 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001903616 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001670840 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001466496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001331536 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 001229824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 001223168 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001219424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryPS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001098136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001054712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 001048592 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000863544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000773632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000752144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000730592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000676048 _____ (Microsoft Corporation) C:\Windows\system32\StateRepository.Core.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000651576 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000604344 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000553664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000540720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000513904 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000506192 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\DDDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000474936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-06-11 19:24 - 2019-06-11 19:24 - 000462136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\SDDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000419368 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000398208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000389120 _____ (Microsoft Corporation) C:\Windows\system32\BingASDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000386576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000362496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\JpnServiceDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\FilterDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000152896 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000137056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000122680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000101176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\BingFilterDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000087864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000080400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryCore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-06-06 22:08 - 2019-06-06 22:09 - 000000000 ____D C:\Users\micha\Documents\istqb
2019-06-06 22:08 - 2019-06-06 22:08 - 001491527 _____ C:\Users\micha\Downloads\fwfewpapers.zip
2019-06-02 18:49 - 2019-06-02 20:28 - 000583179 _____ C:\Users\micha\Documents\checkcheck.csv
2019-06-01 21:38 - 2019-06-01 21:38 - 000001114 _____ C:\Users\micha\Desktop\StarTrinity CST.lnk
2019-06-01 21:38 - 2019-06-01 21:38 - 000001100 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarTrinity CST.lnk
2019-06-01 21:38 - 2019-06-01 21:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\StarTrinity CST
2019-06-01 20:40 - 2019-06-01 20:40 - 000000000 ____D C:\Users\micha\Downloads\startrinity_cst
2019-06-01 20:38 - 2019-06-01 20:38 - 001560001 _____ C:\Users\micha\Downloads\startrinity_cst.zip

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-29 15:26 - 2018-12-28 18:15 - 000000000 ____D C:\FRST
2019-06-29 15:24 - 2018-09-23 13:03 - 000000000 ____D C:\Users\micha\AppData\Local\Spotify
2019-06-29 15:24 - 2018-06-24 21:23 - 000000000 ____D C:\Users\micha\AppData\Local\AVAST Software
2019-06-29 15:21 - 2018-06-24 21:23 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-29 15:19 - 2018-12-20 22:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-29 15:19 - 2018-09-23 13:03 - 000000000 ____D C:\Users\micha\AppData\Roaming\Spotify
2019-06-29 15:19 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-06-29 15:18 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-06-29 14:46 - 2019-02-14 23:18 - 000745808 _____ C:\Windows\system32\perfh005.dat
2019-06-29 14:46 - 2019-02-14 23:18 - 000160320 _____ C:\Windows\system32\perfc005.dat
2019-06-29 14:46 - 2018-12-20 22:26 - 001834764 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-29 14:46 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-06-29 14:10 - 2018-08-05 15:58 - 000000420 _____ C:\Windows\Tasks\update-sys.job
2019-06-29 14:10 - 2018-08-05 15:58 - 000000420 _____ C:\Windows\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001.job
2019-06-29 14:09 - 2018-08-20 12:27 - 000000000 ____D C:\Users\micha\AppData\Roaming\uTorrent
2019-06-29 14:09 - 2018-06-24 21:55 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2019-06-29 12:26 - 2019-02-21 20:48 - 000003194 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-06-29 12:26 - 2019-02-21 20:48 - 000002234 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-06-29 12:26 - 2019-01-26 11:25 - 000002580 _____ C:\Windows\System32\Tasks\CAM.Desktop
2019-06-29 12:26 - 2019-01-26 11:15 - 000002582 _____ C:\Windows\System32\Tasks\AMDAutoUpdate
2019-06-29 12:26 - 2019-01-04 06:27 - 000002280 _____ C:\Windows\System32\Tasks\MSIGH_Host
2019-06-29 12:26 - 2018-12-20 22:24 - 000002854 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-38818341-3388588964-4190228223-1001
2019-06-29 12:26 - 2018-12-20 22:22 - 000003398 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-06-29 12:26 - 2018-12-20 22:22 - 000003196 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003152 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003122 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-06-29 12:26 - 2018-12-20 22:22 - 000003048 _____ C:\Windows\System32\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001
2019-06-29 12:26 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002984 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002956 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002914 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002838 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002800 _____ C:\Windows\System32\Tasks\update-sys
2019-06-29 12:26 - 2018-12-20 22:22 - 000002744 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-06-29 12:26 - 2018-12-20 22:22 - 000002388 _____ C:\Windows\System32\Tasks\NahimicVRSvc64Run
2019-06-29 12:26 - 2018-12-20 22:22 - 000002380 _____ C:\Windows\System32\Tasks\NahimicVRSvc32Run
2019-06-29 12:26 - 2018-12-20 22:22 - 000002148 _____ C:\Windows\System32\Tasks\MSISW_Host
2019-06-29 12:26 - 2018-12-20 22:22 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-06-29 02:46 - 2019-02-18 00:40 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-06-29 02:46 - 2019-01-14 19:47 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-06-29 02:46 - 2018-12-20 22:22 - 000003990 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-29 02:46 - 2018-10-29 22:46 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-06-29 02:46 - 2018-09-15 09:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-06-29 02:46 - 2018-06-24 21:23 - 001030992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000387392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-06-28 23:58 - 2018-08-05 15:58 - 000000000 ____D C:\Users\micha\Documents\Lightshot
2019-06-28 23:34 - 2018-12-20 22:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-06-28 20:06 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-28 20:06 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-06-28 12:10 - 2019-05-08 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-06-27 19:40 - 2019-04-17 22:00 - 000003856 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-06-27 19:40 - 2019-04-17 22:00 - 000003272 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-06-27 19:40 - 2018-08-25 11:34 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-06-27 11:18 - 2018-06-24 21:22 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-26 19:01 - 2018-06-25 09:12 - 000000000 ____D C:\Users\Public\Logi
2019-06-26 13:14 - 2018-06-24 21:28 - 000000000 ____D C:\MSI
2019-06-24 13:47 - 2018-06-25 08:28 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2019-06-23 19:02 - 2018-08-08 22:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2019-06-23 12:24 - 2019-01-22 01:55 - 000000000 ____D C:\Users\micha\AppData\Roaming\Code
2019-06-22 15:23 - 2018-06-24 21:22 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-21 23:46 - 2019-05-18 23:13 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2019-06-20 11:47 - 2018-12-20 22:18 - 000002363 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-20 11:47 - 2018-06-24 21:19 - 000000000 ___RD C:\Users\micha\OneDrive
2019-06-18 09:04 - 2018-06-24 21:28 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-17 19:55 - 2018-06-24 21:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\Telegram Desktop
2019-06-17 11:48 - 2018-08-26 19:48 - 000000000 ____D C:\Users\micha\AppData\Roaming\WhatsApp
2019-06-17 11:48 - 2018-08-26 19:48 - 000000000 ____D C:\Users\micha\AppData\Local\WhatsApp
2019-06-13 21:48 - 2019-05-18 09:07 - 000000000 ___HD C:\Users\micha\Documents\ASP.core.sys
2019-06-12 18:34 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-06-12 18:32 - 2018-06-24 21:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 18:32 - 2018-06-24 21:18 - 000000000 ___RD C:\Users\micha\3D Objects
2019-06-12 18:31 - 2018-12-20 22:17 - 000258168 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-12 00:36 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\migwiz
2019-06-12 00:36 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-06-12 00:01 - 2019-05-21 22:55 - 000000000 ____D C:\Users\micha\Documents\angelvoice
2019-06-11 19:21 - 2018-06-24 23:01 - 000000000 ____D C:\Windows\system32\MRT
2019-06-11 19:19 - 2018-06-24 23:01 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-06-10 00:45 - 2018-12-20 22:18 - 000000000 ____D C:\Users\micha
2019-06-02 21:11 - 2018-06-24 21:18 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2019-06-02 20:47 - 2018-06-24 21:19 - 000000000 ____D C:\Users\micha\AppData\Local\PlaceholderTileLogoFolder
2019-06-02 20:44 - 2018-07-10 19:07 - 000000000 ____D C:\ProgramData\Packages
2019-06-02 18:30 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\NDF
2019-05-31 20:03 - 2018-09-15 09:36 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-31 20:03 - 2018-09-15 09:36 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories ================

2018-08-16 12:57 - 2019-01-06 17:18 - 000001456 _____ () C:\Users\micha\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-06-11 23:35 - 2019-06-11 23:35 - 050616672 _____ (Sony) C:\Users\micha\AppData\Local\pcc.exe
2018-12-21 09:44 - 2018-12-21 09:44 - 000007605 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg
2018-08-05 15:58 - 2018-08-05 15:58 - 000000003 _____ () C:\Users\micha\AppData\Local\updater.log
2018-08-05 15:58 - 2018-08-05 15:58 - 000000425 _____ () C:\Users\micha\AppData\Local\UserProducts.xml

==================== FLock ================

2018-06-24 21:14 C:\Windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by micha (29-06-2019 15:27:22)
Running from C:\Users\micha\Desktop
Windows 10 Pro Version 1809 17763.557 (X64) (2018-12-20 20:22:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-38818341-3388588964-4190228223-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-38818341-3388588964-4190228223-503 - Limited - Disabled)
Guest (S-1-5-21-38818341-3388588964-4190228223-501 - Limited - Disabled)
micha (S-1-5-21-38818341-3388588964-4190228223-1001 - Administrator - Enabled) => C:\Users\micha
WDAGUtilityAccount (S-1-5-21-38818341-3388588964-4190228223-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 1.5.3.0902 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{716F53C3-0B3F-4FB7-9AD7-9BC7DB7134A1}) (Version: 1.4.0.0659 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{6D8108E5-FBDD-4547-9C04-B052336E4046}) (Version: 1.0.19 - Nahimic) Hidden
Atom (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\atom) (Version: 1.34.0 - GitHub Inc.)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{A6A8AE0B-30CC-4641-8BE4-8A70E44A2448}) (Version: 1.0.1901 - Nahimic) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 75.0.1447.81 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Backup and Sync from Google (HKLM\...\{510D7DF1-732A-4E0D-9FE7-0BCBB9481A2F}) (Version: 3.44.5504.6203 - Google, Inc.)
Blender (HKLM\...\{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 - Blender Foundation)
BOINC (HKLM\...\{96E0C65F-95D1-437B-80D7-5A180AED06D8}) (Version: 7.14.2 - Space Sciences Laboratory, U.C. Berkeley)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.73.1084 - AB Team, d.o.o.)
CAM (HKLM-x32\...\{8F17EBED-54B3-472E-B7CF-C53B6AF38FBD}) (Version: 3.7.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.54 - Piriform)
DBeaver 5.3.3 (HKLM\...\DBeaver) (Version: 5.3.3 - JKISS)
Discord (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.17 - NVIDIA Corporation) Hidden
EaseUS Partition Master 13.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EndpointMonitoring Install MSISetup (HKLM\...\{F1F90F23-6FFC-481E-B72A-B2D51C6DA257}) (Version: 1.0.1901 - Nahimic) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Flux) (Version: - f.lux Software LLC)
Global VPN Client (HKLM\...\{7D7ED176-EA00-4B2B-B421-AA19A451F650}) (Version: 4.10.2 - SonicWall)
Google Chrome (HKLM\...\{A5573283-D630-3900-8DCE-E463BDDB5E0E}) (Version: 75.0.3770.100 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Logitech Gaming Software 9.00 (HKLM\...\Logitech Gaming Software) (Version: 9.00.42 - Logitech Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft OneDrive (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26405 (HKLM-x32\...\{5b295ba9-ef89-4aeb-8acc-b61adb0b9b5f}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.33.1 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.87 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.83 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.50 - MSI)
Nahimic VR (HKLM-x32\...\{3d84610f-4cfb-4165-aa15-bb859bd0f0e3}) (Version: 1.0.19 - Nahimic)
NineEarsSettings Install Configurator (HKLM\...\{A909659E-FC98-4D8F-AC40-8C5344C86F7A}) (Version: 1.0.1901 - Nahimic) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.17 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
PhotoFiltre (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\PhotoFiltre) (Version: - )
ProductDaemon Install Setup (HKLM\...\{32D62D40-F8F6-408E-8F8C-6A6593E3ACE9}) (Version: 1.0.1901 - Nahimic) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Spotify (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Spotify) (Version: 1.1.9.383.g9f48828e - Spotify AB)
SSAudioDaemon Install MSISetup (HKLM\...\{F77EA0C2-B0EB-47C7-990D-EACA981D75E8}) (Version: 1.0.19 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.7.7 (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.7.7 - Telegram Messenger LLP)
TransMac version 12.3 (HKLM-x32\...\TransMac_is1) (Version: 12.3 - Acute Systems)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
WhatsApp (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-29] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-38818341-3388588964-4190228223-1001_Classes\CLSID\{E24715A6-33C2-41EF-827E-54C52CBFB9E4} -> [MEGAsync] => C:\Users\micha\Documents\MEGAsync [2018-08-18 17:42]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-25] (Google LLC -> Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-25] (Google LLC -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-04 06:27 - 2017-08-02 15:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\Gaming APP\LEDControl.dll
2019-01-04 06:22 - 2005-07-18 14:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2019-01-04 06:27 - 2015-06-23 17:41 - 000082432 _____ (Fintek) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2018-06-24 21:22 - 2018-04-30 14:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2017-04-28 11:37 - 2017-04-28 11:37 - 000099840 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWCommon.dll
2017-04-28 11:35 - 2017-04-28 11:35 - 000325632 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
2017-04-28 11:37 - 2017-04-28 11:37 - 000323072 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWIPHlp.dll
2019-01-04 06:27 - 2016-10-03 14:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-01-04 10:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-38818341-3388588964-4190228223-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "GammingApp"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CB72B931-33C0-4A1D-88F0-1F4E7374592C}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{E91B3F4A-A178-4395-ABFB-28EDF530A6E4}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{AAC7AC04-25A2-4EAE-A117-DBDAE351C17C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8A88AAAE-CFDF-4A79-BDF4-F7C6D71A49C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{1A96DC07-5900-41CB-A2AB-AAD364A3DF37}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{BD3E443F-6067-4620-A906-A0D5D309CEEC}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B79DE517-FFBD-4E7C-BC1C-4CE16FF8EC73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{5DFF9317-8609-408D-9683-9CD318BDB910}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{8BCA1821-E9ED-4B68-9DFA-37434ED7A4CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C45BC43D-79CC-41AF-BA8B-ED75601C7E2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D73EE1B-843E-4BF1-B7B1-67C18C722B71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [{BB920077-E310-4FEC-B708-FCA8EA2DBF06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [UDP Query User{39B8FF5A-E7F4-47D1-9076-9DA4F256A309}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7EF0060D-EFBE-4F26-AC4A-08CE3F5B8C97}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{8502B645-ED11-4794-BE19-C0DEE641E48A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{BB7A403B-0E47-4B5E-AAC1-1A78A47F7C1B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{52471536-226B-479E-8399-C315B5C9E0F2}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{673E21B2-4C90-4F11-9CBE-94D5D846E37F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{7609A11D-5F8D-4083-B4CE-E9D1485E0056}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe () [File not signed]
FirewallRules: [{ACD2B5AC-FAA4-4E40-A4CA-EE52CE923021}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe () [File not signed]
FirewallRules: [{B2030520-29D7-4AFB-8F50-CF25011DE8AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7CDBC504-A58D-4984-9D79-AD25DE230488}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{2BCBCE19-2DF0-46C4-8910-ED90D3930CDF}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{7648F28F-0355-4E3C-9149-8F74557AA55F}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C9DE8735-C730-4D2C-9E9E-E9F89E8388F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{670681E0-18C1-4E98-BA12-1CE06556D51E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2066B1A2-04D7-492B-8C35-5BAAC95FBE16}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{A765A1A3-9A3A-4B8B-B292-301B33BC381E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{4DF2D7B1-7659-4B85-8FB3-C8C8446F6572}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{35655605-834F-450A-B196-A2091562EF4E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A0075545-70D6-4981-A3D0-52335E314612}] => (Allow) LPort=38518
FirewallRules: [{D5B3C128-E696-4ADA-936A-0CC76D7BFD96}] => (Allow) LPort=9142
FirewallRules: [TCP Query User{FCAA088D-DE82-427C-9774-673EECB428B2}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe (NZXT -> )
FirewallRules: [UDP Query User{A1D26C14-29C2-4144-854F-2B22DAF317D7}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe (NZXT -> )
FirewallRules: [{9ED571AC-5D8B-471D-8C8D-C16EA90F8818}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F1A5A2D5-B0F6-4068-B7E0-0E779B3FD97B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{06CC4099-7916-47C4-9123-F56D5C0966B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A07A5566-D72C-4E5E-8A89-2B9EDED20ADE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{CD8C3CCE-63BE-4AD9-8029-209888340686}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [UDP Query User{4EFC8FE2-F157-4AEC-9CCB-8E219A049006}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [TCP Query User{C13C79A3-FDFB-407E-97D3-643732752F0D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{0668304E-F515-44C9-8C5E-FF18403ECA9E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{B6743686-FC11-4590-A0A1-C01DC7B5034C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{951C24B6-E7B0-4763-A981-8BEA5168BE4A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{6C77F08E-8594-49F1-A573-079E56D30223}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{C374A54E-C232-4D4E-817E-FA25D05AA381}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{719819A3-DDA1-458F-85DD-535BEC2D0C15}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{25847B54-3887-4DC1-B723-3613F624F3D4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D4DF3D67-2BFA-4C51-8085-838E5DE9AC40}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{592A6E15-E35D-434B-823C-C97E2A345276}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [{C0CCA766-F567-4CF5-944C-6EBE295C7884}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{32C9CD54-9A84-4731-9E9D-48EB154C0524}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [TCP Query User{8358D2DB-A3D2-46EE-9610-6F4F3A82F25E}C:\users\micha\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\micha\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP -> Telegram Messenger LLP)
FirewallRules: [UDP Query User{4D6B89F4-29C2-4CD0-8C2F-6EDC5283E4A7}C:\users\micha\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\micha\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP -> Telegram Messenger LLP)
FirewallRules: [{1B3703AA-D7E5-4794-BA91-B3409BFBF578}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{949226C0-E56D-469E-82C5-971BEF2E3609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{AF87E0D2-0ABD-4A2E-B77D-C7B0C46FC74E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{3C102020-33E7-472F-9F94-F0157F0FC015}] => (Allow) LPort=26789
FirewallRules: [{CFD908BC-B718-4B11-B966-14FFD13B2F48}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2019 02:55:20 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2019 02:49:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2019 02:49:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2019 02:47:15 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (06/29/2019 02:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: utorrent.exe, version: 2.2.1.25534, time stamp: 0x4e4594ce
Faulting module name: GDI32.dll, version: 10.0.17763.1, time stamp: 0x1c1f7575
Exception code: 0xc000041d
Fault offset: 0x000060d7
Faulting process ID: 0x2a6c
Faulting application start time: 0x01d52e65cfaf5ed7
Faulting application path: C:\Users\micha\AppData\Roaming\uTorrent\utorrent.exe
Faulting module path: C:\Windows\System32\GDI32.dll
Report ID: 653baeb9-6a68-48bc-9fca-e0d8e86880ea
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2019 07:09:48 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).

Error: (06/27/2019 09:08:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (06/27/2019 07:03:13 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Windows cannot load the extensible counter DLL "C:\Windows\system32\sysmain.dll" (Win32 error code 126).


System errors:
=============
Error: (06/29/2019 03:23:06 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-D6F6QG1\micha SID (S-1-5-21-38818341-3388588964-4190228223-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2019 03:20:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-D6F6QG1\micha SID (S-1-5-21-38818341-3388588964-4190228223-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2019 03:19:50 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
and APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
to the user DESKTOP-D6F6QG1\micha SID (S-1-5-21-38818341-3388588964-4190228223-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/29/2019 03:18:43 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2019 03:18:36 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2019 03:17:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2019 03:13:46 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/29/2019 03:07:02 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-D6F6QG1)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================

Date: 2019-06-29 15:19:20.744
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.742
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.737
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.736
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 14:23:39.048
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 14:23:39.045
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 14:23:39.038
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 14:23:39.037
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.H0 05/02/2018
Motherboard: Micro-Star International Co., Ltd B350 TOMAHAWK (MS-7A34)
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 16335.17 MB
Available physical RAM: 11813.33 MB
Total Virtual: 18767.17 MB
Available Virtual: 11778.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:316.64 GB) NTFS
Drive d: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:251.13 GB) NTFS
Drive e: () (Fixed) (Total:698.63 GB) (Free:315.57 GB) NTFS

\\?\Volume{a6fe17bf-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{1ab6e469-f0a9-494f-8ec7-6e1e9fac5df2}\ () (Fixed) (Total:0.5 GB) (Free:0.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 032C9658)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BCEBE8A2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 1AAF1E19)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=0F Extended)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A6FE17BF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Thanks

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: FRST log check

#2 Post by Conder »

Hi :)

Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Scan now (Skenovat nyni) and wait for it to finish
  • Leave all findings checked
  • Click Clean and Repair (Cisteni a opravy) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click View Log File (Zobrazit soubor protokolu)
  • The log will open; copy its contents here
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping a backup of important data (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

michi_trung
Visitor
Posts: 21
Registered: 22 Jan 2014 11:55

Re: FRST log check

#3 Post by michi_trung »

Hi,
here is the log
# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-28.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-30-2019
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 9
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files\Hola
Deleted C:\Users\micha\AppData\Roaming\Hola

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Hola
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hola.org
Deleted HKLM\Software\Hola
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|hola
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\Hola

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1833 octets] - [30/06/2019 19:39:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: FRST log check

#4 Post by Conder »

Please post both new FRST logs.

michi_trung
Visitor
Posts: 21
Registered: 22 Jan 2014 11:55

Re: FRST log check

#5 Post by michi_trung »

FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-06-2019
Ran by micha (administrator) on DESKTOP-D6F6QG1 (Micro-Star International Co., Ltd MS-7A34) (01-07-2019 22:22:34)
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Platform: Windows 10 Pro Version 1809 17763.557 (X64) Language: Angličtina (Spojené království)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19061.410.0_x64__8wekyb3d8bbwe\YourPhone.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11905.1001.4.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Gaming APP\MSI_LED.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NahimicMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69920 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9063712 2018-10-11] (University of California, Berkeley -> Space Sciences Laboratory)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] (OOO Lightshot -> )
HKLM-x32\...\Run: [GammingApp] => C:\Program Files (x86)\MSI\Gaming APP\SGamingApp.exe [1150648 2017-10-26] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [f.lux] => C:\Users\micha\AppData\Local\FluxSoftware\Flux\flux.exe [1378824 2019-05-07] (F.lux Software LLC -> f.lux Software LLC)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [Spotify] => C:\Users\micha\AppData\Roaming\Spotify\Spotify.exe [25386912 2019-06-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [Vivaldi Update Notifier] => "C:\Users\micha\AppData\Local\Vivaldi\Application\update_notifier.exe"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22458328 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\RunOnce: [Application Restart #5] => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\MountPoints2: {40419117-8b9d-11e9-9125-309c230e2015} - "F:\startme.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-22] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A8504530-742B-42BC-895D-2BAD6406F698}] -> C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\Installer\chrmstp.exe [2019-06-27] (AVAST Software s.r.o. -> AVAST Software)
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0423729D-EBEA-48DA-824B-5CDB6CFD0E9F} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [661240 2018-08-02] (Advanced Micro Devices Inc. -> )
Task: {1B21FDF9-EB67-41DD-9615-E51573AC92BC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1C04DCD6-A19D-40CB-B139-4720C5400A7F} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [572808 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {20254801-F25B-406C-90C0-DC4922917D69} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {301571E8-0A1C-49BD-8CDC-DC948D864F9A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3724680 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {31CCFE3A-F4DA-49A5-B5D7-66A5F03F0282} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-38818341-3388588964-4190228223-1001 => C:\Users\micha\AppData\Local\MEGAsync\MEGAupdater.exe [615160 2019-02-20] (Mega Limited -> Mega Limited)
Task: {3ECCC203-D7BE-4DF3-98C2-29F68878AA19} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142320 2018-02-05] (A-Volute -> A-Volute)
Task: {43218A25-38E1-498B-A890-DB4F3AB60B88} - System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {45A3053C-ED25-4DFB-A0F4-B5908F51AB29} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4B55F0F1-1C55-47A2-BB12-B25EB8ED5D6D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4F6474DD-2C9E-419B-89F2-1C88E42E6943} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [841096 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {528CC7FC-CA4B-4E4F-A869-665422BAF44E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [702856 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5DF08315-B107-4A7A-BE58-4B03DAC38A00} - System32\Tasks\CAM.Desktop => C:\Program Files (x86)\NZXT\CAM\CAM.Desktop.exe [332912 2018-11-07] (NZXT -> )
Task: {5E886EC2-98A6-4C9A-8ACE-9ACFDDDEBC86} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {635545C6-4B85-46B6-B5F5-8D4D8566B528} - System32\Tasks\Avast Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1808504 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
Task: {7968D3E2-AB37-4ACE-83A2-BA245CAC40CE} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {8D22E1DE-283F-497F-85A6-B1E876A8985B} - System32\Tasks\MSISW_Host => C:\Windows\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {A03783BC-34FD-4312-83EB-1E39A45FFCB1} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
Task: {A38B9AA8-F4F0-47D9-B871-9DAAE24BBC89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16467424 2019-02-27] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {AF1CBB6A-76C4-4DC6-B248-31E5FD78D0ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-24] (Google Inc -> Google Inc.)
Task: {AFF61958-49D7-45A1-9D3B-E5BF18B00583} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF90CE64-B666-4638-95DC-7A1E1FBEA937} - System32\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {C77E751A-91A0-46AE-882D-9E43CC7709F2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D03E1B6E-F5EF-4333-9923-952327330BD0} - System32\Tasks\MSIGH_Host => C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey.exe [3353784 2018-07-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {D047D3FD-F387-4FBF-8474-9D7B20531655} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-06-24] (Google Inc -> Google Inc.)
Task: {D466CC99-FA00-428B-B1E4-9EC680E55993} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2281944 2019-06-04] (AVAST Software s.r.o. -> AVAST Software)
Task: {D63472F2-C507-40E8-970E-A17A3E84885E} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990256 2018-02-05] (A-Volute -> A-Volute)
Task: {D9F39606-E84C-4A8F-B944-9FA047205ED3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [1146048 2018-10-05] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co. Ltd.)
Task: {E5A43161-891D-4890-BB61-081DB2C50C83} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F2179145-EA09-4F98-A265-1FCCDD7F293C} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [877448 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F84E7356-A3BC-4911-95F7-9AE1613EF967} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\MSISW_Host.job => C:\WINDOWS\SysWOW64\muachost.exe
Task: C:\Windows\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{0440be48-4edf-4eba-964c-9eecfd98950a}: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{56db64ee-b847-4229-ba2e-fb8c18985a54}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: qqp4w2aq.default
FF ProfilePath: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default [2019-06-29]
FF Extension: (Avast Passwords) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-12-15] [UpdateUrl:hxxps://pamcdn.avast.com/pamcdn/extensions/firefox/update.json]
FF Extension: (Avast SafePrice | Srovnání, výhodné nabídky, kupóny) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\sp@avast.com.xpi [2018-12-19]
FF Extension: (uBlock Origin) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\uBlock0@raymondhill.net.xpi [2018-12-16]
FF Extension: (Avast Online Security) - C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\qqp4w2aq.default\Extensions\wrc@avast.com.xpi [2018-06-24]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> ""
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default [2019-07-01]
CHR Extension: (Prezentace) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-24]
CHR Extension: (Dokumenty) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-24]
CHR Extension: (Disk Google) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-18]
CHR Extension: (YouTube) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-24]
CHR Extension: (uBlock Origin) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2019-06-21]
CHR Extension: (Avast Passwords) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2019-05-15]
CHR Extension: (Tabulky) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-24]
CHR Extension: (Video Downloader PLUS) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2019-07-01]
CHR Extension: (Dokumenty Google offline) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-15]
CHR Extension: (Avast Online Security) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-01]
CHR Extension: (Heap Poznámka) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpiejadkdojdbfgfocaoahhbepnlpph [2018-06-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-24]
CHR Extension: (Material Simple Dark Grey) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookepigabmicjpgfnmncjiplegcacdbm [2019-05-15]
CHR Extension: (Click&Clean App) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2019-06-23]
CHR Extension: (Gmail) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-25] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastSecureBrowserElevationService; C:\Program Files (x86)\AVAST Software\Browser\Application\75.0.1447.81\elevation_service.exe [978720 2019-06-11] (AVAST Software s.r.o. -> AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingApp_Service.exe [46776 2018-09-06] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
R2 GamingHotkey_Service; C:\Program Files (x86)\MSI\Gaming APP\GamingHotkey_Service.exe [2027192 2018-03-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-05-07] (Logitech Inc -> Logitech Inc.)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343608 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507960 2018-11-30] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2742968 2018-08-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2191032 2018-12-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [790920 2019-01-30] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SWGVCSvc; C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe [325632 2017-04-28] (SonicWall Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-05-22] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [110944 2018-09-15] (Microsoft Corporation -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18264 2017-09-27] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [34568 2019-04-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [24424 2016-08-12] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 AMDPCIDev; C:\Windows\System32\drivers\AMDPCIDev.sys [31592 2018-04-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137496 2018-09-12] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
R2 AMDRyzenMasterDriverV13; C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys [71152 2018-11-22] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswElam; C:\Windows\System32\drivers\aswElam.sys [15488 2019-01-06] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [169112 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030992 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387392 2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
R1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [327976 2015-10-14] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [34496 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFlt; C:\Windows\System32\drivers\EPMVolFlt.sys [30416 2018-10-18] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2018-10-24] (CHENGDU YIWO Tech Development Co., Ltd. -> ) [File not signed]
R3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-27] (Feature Integration Technology -> FINTEK Corp.)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [38424 2017-09-15] (Intel Corporation -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-05-07] (Logitech Inc -> Logitech Inc.)
R3 NTIOLib_MBAPI; C:\Program Files (x86)\MSI\Gaming APP\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_edcffbdd101bbe5b\nvlddmkm.sys [20726016 2019-02-21] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [1122200 2018-08-30] (Realtek Semiconductor Corp. -> Realtek )
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [24576 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\NZXT\CAM\OpenHardwareMonitorLib.sys [14544 2019-02-03] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-01 22:22 - 2019-07-01 22:22 - 000000000 ____D C:\Users\micha\Desktop\FRST-OlderVersion
2019-07-01 22:10 - 2019-07-01 22:10 - 001931083 _____ C:\Users\micha\Downloads\66335396_470674170175139_6748595248698102044_n.mp4
2019-06-30 19:39 - 2019-06-30 19:40 - 000000000 ____D C:\AdwCleaner
2019-06-30 19:38 - 2019-06-30 19:38 - 007025360 _____ (Malwarebytes) C:\Users\micha\Downloads\adwcleaner_7.3.exe
2019-06-29 15:36 - 2019-06-29 15:36 - 000000002 _____ C:\Users\micha\Desktop\wbinfesmiq.txt
2019-06-29 15:36 - 2019-06-29 15:36 - 000000002 _____ C:\Users\micha\Desktop\uhxqliytmgyhzag.txt
2019-06-29 15:36 - 2019-06-29 15:36 - 000000002 _____ C:\Users\micha\Desktop\dihvxttbczmhidxxb.txt
2019-06-29 15:35 - 2019-06-29 15:35 - 000000002 _____ C:\Users\micha\Desktop\qsbggapvnmukqmgxu.txt
2019-06-29 15:35 - 2019-06-29 15:35 - 000000002 _____ C:\Users\micha\Desktop\atejkcvqgdcnqd.txt
2019-06-29 15:27 - 2019-06-29 15:27 - 000043516 _____ C:\Users\micha\Desktop\Addition.txt
2019-06-29 15:26 - 2019-07-01 22:23 - 000030534 _____ C:\Users\micha\Desktop\FRST.txt
2019-06-29 15:25 - 2019-07-01 22:22 - 002419200 _____ (Farbar) C:\Users\micha\Desktop\FRST64.exe
2019-06-29 14:29 - 2019-06-29 14:29 - 000000000 ____D C:\Windows\pss
2019-06-29 14:12 - 2019-06-29 14:47 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2019-06-29 14:11 - 2019-06-29 14:19 - 000498890 _____ C:\Windows\ntbtlog.txt
2019-06-29 02:46 - 2019-06-29 02:46 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2019-06-29 02:46 - 2019-06-29 02:46 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2019-06-29 02:46 - 2019-06-29 02:46 - 000169112 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2019-06-24 00:28 - 2019-06-24 00:28 - 002622054 _____ C:\Users\micha\Documents\Untitled 1.bmp
2019-06-21 10:05 - 2019-06-21 10:05 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2019-06-21 10:05 - 2019-06-21 10:05 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2019-06-20 11:48 - 2019-06-20 11:48 - 000000000 ____D C:\Program Files\UNP
2019-06-17 23:40 - 2019-06-17 23:40 - 000287204 _____ C:\Users\micha\Downloads\video-1558264822.mp4
2019-06-17 23:40 - 2019-06-17 23:40 - 000199449 _____ C:\Users\micha\Downloads\video-1557745420.mp4
2019-06-17 23:40 - 2019-06-17 23:40 - 000129305 _____ C:\Users\micha\Downloads\video-1559137326.mp4
2019-06-17 23:39 - 2019-06-17 23:39 - 000390979 _____ C:\Users\micha\Downloads\video-1558546587.mp4
2019-06-17 20:15 - 2019-06-17 20:15 - 000105486 _____ C:\Users\micha\Downloads\ticket-ID0B6B.pdf
2019-06-13 21:41 - 2019-06-13 21:41 - 000000022 _____ C:\Users\micha\Downloads\MEGA-RECOVERYKEY.txt
2019-06-12 18:34 - 2019-06-12 18:34 - 001993528 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\Users\micha\Documents\Sony
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\Users\micha\AppData\Roaming\Apple Computer
2019-06-11 23:36 - 2019-06-11 23:36 - 000000000 ____D C:\ProgramData\boost_interprocess
2019-06-11 23:35 - 2019-06-11 23:35 - 050616672 _____ (Sony) C:\Users\micha\AppData\Local\pcc.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 026808320 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 023438336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 022114960 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 020816384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 018999296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 012869120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 012162048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 009682744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 007875072 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 007687576 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006547144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006309256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 006068224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 005588184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 005210904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004997096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004883968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004661760 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 004588544 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 003906560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003637248 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 003385344 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 003363640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 003091968 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002926096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002707968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002653696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002422272 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 002323696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002189312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 002085168 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001929216 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001903616 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001701888 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001670840 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001616384 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001605120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001485312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001466496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001387520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001331536 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001253688 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 001229824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 001223168 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001219424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryPS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001098136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 001054712 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 001048592 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000998912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000972288 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000872448 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000863544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000773632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000756736 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000752144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000730592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000679424 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000676048 _____ (Microsoft Corporation) C:\Windows\system32\StateRepository.Core.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000651576 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000604344 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-06-11 19:24 - 2019-06-11 19:24 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000553664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000540720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000532992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000531968 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000513904 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000506192 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000495616 _____ (Microsoft Corporation) C:\Windows\system32\DDDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000478720 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000474936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2019-06-11 19:24 - 2019-06-11 19:24 - 000462136 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\SDDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000419368 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000404792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000398208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000389120 _____ (Microsoft Corporation) C:\Windows\system32\BingASDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000386576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000362496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000244224 _____ (Microsoft Corporation) C:\Windows\system32\JpnServiceDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000218624 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryUpgrade.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\FilterDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000156984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000155136 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000152896 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000137056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000122680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000101176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\BingFilterDS.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000090424 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000087864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000080400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys
2019-06-11 19:24 - 2019-06-11 19:24 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000046080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryCore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryCore.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\slcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slcext.dll
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2019-06-11 19:24 - 2019-06-11 19:24 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2019-06-06 22:08 - 2019-06-06 22:09 - 000000000 ____D C:\Users\micha\Documents\istqb
2019-06-06 22:08 - 2019-06-06 22:08 - 001491527 _____ C:\Users\micha\Downloads\fwfewpapers.zip
2019-06-02 18:49 - 2019-06-02 20:28 - 000583179 _____ C:\Users\micha\Documents\checkcheck.csv
2019-06-01 21:38 - 2019-06-01 21:38 - 000001114 _____ C:\Users\micha\Desktop\StarTrinity CST.lnk
2019-06-01 21:38 - 2019-06-01 21:38 - 000001100 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarTrinity CST.lnk
2019-06-01 21:38 - 2019-06-01 21:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\StarTrinity CST
2019-06-01 20:40 - 2019-06-01 20:40 - 000000000 ____D C:\Users\micha\Downloads\startrinity_cst
2019-06-01 20:38 - 2019-06-01 20:38 - 001560001 _____ C:\Users\micha\Downloads\startrinity_cst.zip

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-07-01 22:22 - 2018-12-28 18:15 - 000000000 ____D C:\FRST
2019-07-01 22:21 - 2019-01-22 01:55 - 000000000 ____D C:\Users\micha\AppData\Roaming\Code
2019-07-01 22:20 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-07-01 22:16 - 2019-02-21 20:48 - 000003194 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-07-01 22:16 - 2019-02-21 20:48 - 000002234 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-07-01 22:16 - 2019-01-26 11:25 - 000002580 _____ C:\Windows\System32\Tasks\CAM.Desktop
2019-07-01 22:16 - 2019-01-26 11:15 - 000002582 _____ C:\Windows\System32\Tasks\AMDAutoUpdate
2019-07-01 22:16 - 2019-01-04 06:27 - 000002280 _____ C:\Windows\System32\Tasks\MSIGH_Host
2019-07-01 22:16 - 2018-12-20 22:24 - 000002854 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-38818341-3388588964-4190228223-1001
2019-07-01 22:16 - 2018-12-20 22:22 - 000003398 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-07-01 22:16 - 2018-12-20 22:22 - 000003196 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003152 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003122 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-07-01 22:16 - 2018-12-20 22:22 - 000003048 _____ C:\Windows\System32\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001
2019-07-01 22:16 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000003016 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002984 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002956 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002914 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002838 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002800 _____ C:\Windows\System32\Tasks\update-sys
2019-07-01 22:16 - 2018-12-20 22:22 - 000002744 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-07-01 22:16 - 2018-12-20 22:22 - 000002388 _____ C:\Windows\System32\Tasks\NahimicVRSvc64Run
2019-07-01 22:16 - 2018-12-20 22:22 - 000002380 _____ C:\Windows\System32\Tasks\NahimicVRSvc32Run
2019-07-01 22:16 - 2018-12-20 22:22 - 000002148 _____ C:\Windows\System32\Tasks\MSISW_Host
2019-07-01 22:16 - 2018-12-20 22:22 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2019-07-01 22:16 - 2018-08-05 15:58 - 000000420 _____ C:\Windows\Tasks\update-sys.job
2019-07-01 22:16 - 2018-08-05 15:58 - 000000420 _____ C:\Windows\Tasks\update-S-1-5-21-38818341-3388588964-4190228223-1001.job
2019-07-01 22:11 - 2018-06-24 21:23 - 000000000 ____D C:\Users\micha\AppData\Local\AVAST Software
2019-07-01 21:23 - 2018-09-23 13:03 - 000000000 ____D C:\Users\micha\AppData\Local\Spotify
2019-07-01 21:17 - 2018-12-20 22:17 - 000000000 ____D C:\Windows\system32\SleepStudy
2019-07-01 21:17 - 2018-09-23 13:03 - 000000000 ____D C:\Users\micha\AppData\Roaming\Spotify
2019-07-01 17:35 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2019-07-01 17:35 - 2018-06-24 21:23 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-30 21:48 - 2018-09-15 09:23 - 000000000 ____D C:\Windows\CbsTemp
2019-06-30 19:45 - 2019-02-14 23:18 - 000745808 _____ C:\Windows\system32\perfh005.dat
2019-06-30 19:45 - 2019-02-14 23:18 - 000160320 _____ C:\Windows\system32\perfc005.dat
2019-06-30 19:45 - 2018-12-20 22:26 - 001834764 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-30 19:45 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2019-06-30 19:41 - 2018-12-20 22:22 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-30 19:41 - 2018-09-15 19:41 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2019-06-30 19:41 - 2018-09-15 19:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2019-06-30 19:41 - 2018-09-15 19:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2019-06-30 19:41 - 2018-09-15 19:40 - 000000000 ____D C:\Windows\OCR
2019-06-30 19:41 - 2018-09-15 19:39 - 000000000 ____D C:\Windows\SysWOW64\WCN
2019-06-30 19:41 - 2018-09-15 19:39 - 000000000 ____D C:\Windows\system32\WCN
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\SysWOW64\F12
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ___SD C:\Windows\system32\F12
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\migwiz
2019-06-30 19:41 - 2018-09-15 09:33 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2019-06-30 19:40 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2019-06-30 19:40 - 2018-06-24 21:19 - 000000000 ____D C:\Users\micha\AppData\Local\PlaceholderTileLogoFolder
2019-06-30 18:42 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-06-30 18:39 - 2018-06-24 21:18 - 000000000 ____D C:\Users\micha\AppData\Local\Packages
2019-06-30 17:25 - 2018-06-24 21:38 - 000000000 ____D C:\Users\micha\AppData\Roaming\Telegram Desktop
2019-06-29 14:09 - 2018-08-20 12:27 - 000000000 ____D C:\Users\micha\AppData\Roaming\uTorrent
2019-06-29 14:09 - 2018-06-24 21:55 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
2019-06-29 02:46 - 2019-02-18 00:40 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2019-06-29 02:46 - 2019-01-14 19:47 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys
2019-06-29 02:46 - 2019-01-06 10:25 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys
2019-06-29 02:46 - 2018-12-20 22:22 - 000003990 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2019-06-29 02:46 - 2018-10-29 22:46 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2019-06-29 02:46 - 2018-09-15 09:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-06-29 02:46 - 2018-06-24 21:23 - 001030992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000387392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2019-06-29 02:46 - 2018-06-24 21:23 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2019-06-28 23:58 - 2018-08-05 15:58 - 000000000 ____D C:\Users\micha\Documents\Lightshot
2019-06-28 12:10 - 2019-05-08 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-06-27 19:40 - 2019-04-17 22:00 - 000003856 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Hourly)
2019-06-27 19:40 - 2019-04-17 22:00 - 000003272 _____ C:\Windows\System32\Tasks\Avast Secure Browser Heartbeat Task (Logon)
2019-06-27 19:40 - 2018-08-25 11:34 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2019-06-27 11:18 - 2018-06-24 21:22 - 000000000 ____D C:\Program Files (x86)\Steam
2019-06-26 19:01 - 2018-06-25 09:12 - 000000000 ____D C:\Users\Public\Logi
2019-06-26 13:14 - 2018-06-24 21:28 - 000000000 ____D C:\MSI
2019-06-24 13:47 - 2018-06-25 08:28 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache
2019-06-23 19:02 - 2018-08-08 22:29 - 000000000 ____D C:\Users\micha\AppData\Roaming\discord
2019-06-22 15:23 - 2018-06-24 21:22 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-21 23:46 - 2019-05-18 23:13 - 000000000 ____D C:\Users\micha\AppData\Local\ElevatedDiagnostics
2019-06-20 11:47 - 2018-12-20 22:18 - 000002363 _____ C:\Users\micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-06-20 11:47 - 2018-06-24 21:19 - 000000000 ___RD C:\Users\micha\OneDrive
2019-06-18 09:04 - 2018-06-24 21:28 - 000000000 ____D C:\ProgramData\Package Cache
2019-06-17 11:48 - 2018-08-26 19:48 - 000000000 ____D C:\Users\micha\AppData\Roaming\WhatsApp
2019-06-17 11:48 - 2018-08-26 19:48 - 000000000 ____D C:\Users\micha\AppData\Local\WhatsApp
2019-06-13 21:48 - 2019-05-18 09:07 - 000000000 ___HD C:\Users\micha\Documents\ASP.core.sys
2019-06-12 18:32 - 2018-06-24 21:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2019-06-12 18:32 - 2018-06-24 21:18 - 000000000 ___RD C:\Users\micha\3D Objects
2019-06-12 18:31 - 2018-12-20 22:17 - 000258168 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-12 00:36 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\bcastdvr
2019-06-12 00:01 - 2019-05-21 22:55 - 000000000 ____D C:\Users\micha\Documents\angelvoice
2019-06-11 19:21 - 2018-06-24 23:01 - 000000000 ____D C:\Windows\system32\MRT
2019-06-11 19:19 - 2018-06-24 23:01 - 135349160 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-06-10 00:45 - 2018-12-20 22:18 - 000000000 ____D C:\Users\micha
2019-06-02 20:44 - 2018-07-10 19:07 - 000000000 ____D C:\ProgramData\Packages
2019-06-02 18:30 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories ================

2018-08-16 12:57 - 2019-01-06 17:18 - 000001456 _____ () C:\Users\micha\AppData\Local\Adobe Save for Web 13.0 Prefs
2019-06-11 23:35 - 2019-06-11 23:35 - 050616672 _____ (Sony) C:\Users\micha\AppData\Local\pcc.exe
2018-12-21 09:44 - 2018-12-21 09:44 - 000007605 _____ () C:\Users\micha\AppData\Local\Resmon.ResmonCfg
2018-08-05 15:58 - 2018-08-05 15:58 - 000000003 _____ () C:\Users\micha\AppData\Local\updater.log
2018-08-05 15:58 - 2018-08-05 15:58 - 000000425 _____ () C:\Users\micha\AppData\Local\UserProducts.xml

==================== FLock ================

2018-06-24 21:14 C:\Windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Ran by micha (01-07-2019 22:23:21)
Running from C:\Users\micha\Desktop
Windows 10 Pro Version 1809 17763.557 (X64) (2018-12-20 20:22:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-38818341-3388588964-4190228223-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-38818341-3388588964-4190228223-503 - Limited - Disabled)
Guest (S-1-5-21-38818341-3388588964-4190228223-501 - Limited - Disabled)
micha (S-1-5-21-38818341-3388588964-4190228223-1001 - Administrator - Enabled) => C:\Users\micha
WDAGUtilityAccount (S-1-5-21-38818341-3388588964-4190228223-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Version: 18.05 - Igor Pavlov)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.5.1 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\AMD Ryzen Master) (Version: 1.5.3.0902 - Advanced Micro Devices, Inc.)
AMD Ryzen Master SDK (HKLM\...\{716F53C3-0B3F-4FB7-9AD7-9BC7DB7134A1}) (Version: 1.4.0.0659 - Advanced Micro Devices, Inc.)
APOInstallerMSISetup (HKLM\...\{6D8108E5-FBDD-4547-9C04-B052336E4046}) (Version: 1.0.19 - Nahimic) Hidden
Atom (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\atom) (Version: 1.34.0 - GitHub Inc.)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{A6A8AE0B-30CC-4641-8BE4-8A70E44A2448}) (Version: 1.0.1901 - Nahimic) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 75.0.1447.81 - Autoři prohlížeče Avast Secure Browser)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Backup and Sync from Google (HKLM\...\{510D7DF1-732A-4E0D-9FE7-0BCBB9481A2F}) (Version: 3.44.5504.6203 - Google, Inc.)
Blender (HKLM\...\{E29A1273-2E7A-40E7-AA63-428A11D59429}) (Version: 2.79.2 - Blender Foundation)
BOINC (HKLM\...\{96E0C65F-95D1-437B-80D7-5A180AED06D8}) (Version: 7.14.2 - Space Sciences Laboratory, U.C. Berkeley)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.73.1084 - AB Team, d.o.o.)
CAM (HKLM-x32\...\{8F17EBED-54B3-472E-B7CF-C53B6AF38FBD}) (Version: 3.7.4 - NZXT)
CCleaner (HKLM\...\CCleaner) (Version: 5.54 - Piriform)
DBeaver 5.3.3 (HKLM\...\DBeaver) (Version: 5.3.3 - JKISS)
Discord (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Discord) (Version: 0.0.305 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 419.17 - NVIDIA Corporation) Hidden
EaseUS Partition Master 13.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EndpointMonitoring Install MSISetup (HKLM\...\{F1F90F23-6FFC-481E-B72A-B2D51C6DA257}) (Version: 1.0.1901 - Nahimic) Hidden
Epic Games Launcher (HKLM-x32\...\{0E63B233-DC24-442C-BD38-0B91D90FEC5B}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Flux) (Version: - f.lux Software LLC)
Global VPN Client (HKLM\...\{7D7ED176-EA00-4B2B-B421-AA19A451F650}) (Version: 4.10.2 - SonicWall)
Google Chrome (HKLM\...\{A5573283-D630-3900-8DCE-E463BDDB5E0E}) (Version: 75.0.3770.100 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
IIS 10.0 Express (HKLM\...\{4E0AF984-1437-42DC-A8E4-A6EE920DDFAF}) (Version: 10.0.1743 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - ) Hidden
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - ) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lightshot-5.4.0.35 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.35 - Skillbrains)
Logitech Gaming Software 9.00 (HKLM\...\Logitech Gaming Software) (Version: 9.00.42 - Logitech Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft OneDrive (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\OneDriveSetup.exe) (Version: 19.086.0502.0006 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26405 (HKLM-x32\...\{5b295ba9-ef89-4aeb-8acc-b61adb0b9b5f}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26405 (HKLM-x32\...\{ec9c2282-a836-48a6-9e41-c2f0bf8d678b}) (Version: 14.14.26405.0 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.33.1 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 64.0.2 (x64 en-US)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.87 - MSI)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 6.2.0.83 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.50 - MSI)
Nahimic VR (HKLM-x32\...\{3d84610f-4cfb-4165-aa15-bb859bd0f0e3}) (Version: 1.0.19 - Nahimic)
NineEarsSettings Install Configurator (HKLM\...\{A909659E-FC98-4D8F-AC40-8C5344C86F7A}) (Version: 1.0.1901 - Nahimic) Hidden
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.6 - Notepad++ Team)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.13 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.17.0.126 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.17.0.126 - NVIDIA Corporation)
NVIDIA Graphics Driver 419.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 419.17 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Oracle VM VirtualBox 5.2.8 (HKLM\...\{A7F49FA5-9FCA-4936-8652-CD00206D9300}) (Version: 5.2.8 - Oracle Corporation)
PhotoFiltre (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\PhotoFiltre) (Version: - )
ProductDaemon Install Setup (HKLM\...\{32D62D40-F8F6-408E-8F8C-6A6593E3ACE9}) (Version: 1.0.1901 - Nahimic) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.31.828.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8581 - Realtek Semiconductor Corp.)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.1 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.3.0.1910 - Samsung Electronics)
Spotify (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\Spotify) (Version: 1.1.9.383.g9f48828e - Spotify AB)
SSAudioDaemon Install MSISetup (HKLM\...\{F77EA0C2-B0EB-47C7-990D-EACA981D75E8}) (Version: 1.0.19 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop version 1.7.10 (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.7.10 - Telegram Messenger LLP)
TransMac version 12.3 (HKLM-x32\...\TransMac_is1) (Version: 12.3 - Acute Systems)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
WhatsApp (HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\WhatsApp) (Version: 0.3.2848 - WhatsApp)
Windows Mobile Connectivity Tools 10.0.15254.0 - Desktop x86 (HKLM-x32\...\{833F02C5-2C39-49F6-BD64-91D351081274}) (Version: 10.1.15254.1 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E77C2F78-6089-48F8-89DF-DDF2850DFFD9}) (Version: 10.1.0.0 - Microsoft Corporation)

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.0.2.0_x64__tf1gferkr813w [2019-05-28] (Autodesk Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20174.0_x64__8wekyb3d8bbwe [2019-05-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-21] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.28.10351.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Photos Add-on -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-10-29] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-38818341-3388588964-4190228223-1001_Classes\CLSID\{E24715A6-33C2-41EF-827E-54C52CBFB9E4} -> [MEGAsync] => C:\Users\micha\Documents\MEGAsync [2018-08-18 17:42]
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2019-06-25] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-03-19] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-25] (Google LLC -> Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2019-06-25] (Google LLC -> Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\micha\AppData\Local\MEGAsync\ShellExtX64.dll [2019-02-20] (Mega Limited -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2019-02-20] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-06-29] (AVAST Software s.r.o. -> AVAST Software)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-04 06:27 - 2017-08-02 15:48 - 000237568 _____ () [File not signed] C:\Program Files (x86)\MSI\Gaming APP\LEDControl.dll
2019-01-04 06:22 - 2005-07-18 14:43 - 000160256 _____ () [File not signed] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2019-01-04 06:27 - 2016-04-20 15:12 - 000772608 _____ () [File not signed] C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\Lib\USB_DLL.dll
2019-01-04 06:27 - 2015-06-23 17:41 - 000082432 _____ (Fintek) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\FintekUSBDll.dll
2017-04-28 11:37 - 2017-04-28 11:37 - 000099840 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWCommon.dll
2017-04-28 11:35 - 2017-04-28 11:35 - 000325632 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
2017-04-28 11:37 - 2017-04-28 11:37 - 000323072 _____ (SonicWall Inc.) [File not signed] C:\Program Files\SonicWall\Global VPN Client\SWIPHlp.dll
2019-01-04 06:27 - 2016-10-03 14:43 - 000399872 _____ (TODO: <公司名稱>) [File not signed] C:\Program Files (x86)\MSI\Gaming APP\Lib\SDKDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2019-01-04 10:28 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-38818341-3388588964-4190228223-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "boinctray"
HKLM\...\StartupApproved\Run: => "boincmgr"
HKLM\...\StartupApproved\Run32: => "GammingApp"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\StartupApproved\Run: => "Vivaldi Update Notifier"
HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CB72B931-33C0-4A1D-88F0-1F4E7374592C}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{E91B3F4A-A178-4395-ABFB-28EDF530A6E4}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [UDP Query User{AAC7AC04-25A2-4EAE-A117-DBDAE351C17C}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{8A88AAAE-CFDF-4A79-BDF4-F7C6D71A49C3}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{1A96DC07-5900-41CB-A2AB-AAD364A3DF37}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{BD3E443F-6067-4620-A906-A0D5D309CEEC}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B79DE517-FFBD-4E7C-BC1C-4CE16FF8EC73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{5DFF9317-8609-408D-9683-9CD318BDB910}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rise of the Tomb Raider\ROTTR.exe (Square Enix LTD -> Eidos Inc.)
FirewallRules: [{8BCA1821-E9ED-4B68-9DFA-37434ED7A4CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C45BC43D-79CC-41AF-BA8B-ED75601C7E2A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7D73EE1B-843E-4BF1-B7B1-67C18C722B71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [{BB920077-E310-4FEC-B708-FCA8EA2DBF06}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cities_Skylines\Cities.exe () [File not signed]
FirewallRules: [UDP Query User{39B8FF5A-E7F4-47D1-9076-9DA4F256A309}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{7EF0060D-EFBE-4F26-AC4A-08CE3F5B8C97}C:\users\micha\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\micha\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{8502B645-ED11-4794-BE19-C0DEE641E48A}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{BB7A403B-0E47-4B5E-AAC1-1A78A47F7C1B}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{52471536-226B-479E-8399-C315B5C9E0F2}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [TCP Query User{673E21B2-4C90-4F11-9CBE-94D5D846E37F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{7609A11D-5F8D-4083-B4CE-E9D1485E0056}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe () [File not signed]
FirewallRules: [{ACD2B5AC-FAA4-4E40-A4CA-EE52CE923021}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe () [File not signed]
FirewallRules: [{B2030520-29D7-4AFB-8F50-CF25011DE8AF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{7CDBC504-A58D-4984-9D79-AD25DE230488}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{2BCBCE19-2DF0-46C4-8910-ED90D3930CDF}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{7648F28F-0355-4E3C-9149-8F74557AA55F}C:\users\micha\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\micha\appdata\roaming\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{C9DE8735-C730-4D2C-9E9E-E9F89E8388F5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{670681E0-18C1-4E98-BA12-1CE06556D51E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2066B1A2-04D7-492B-8C35-5BAAC95FBE16}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{A765A1A3-9A3A-4B8B-B292-301B33BC381E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{4DF2D7B1-7659-4B85-8FB3-C8C8446F6572}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{35655605-834F-450A-B196-A2091562EF4E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{A0075545-70D6-4981-A3D0-52335E314612}] => (Allow) LPort=38518
FirewallRules: [{D5B3C128-E696-4ADA-936A-0CC76D7BFD96}] => (Allow) LPort=9142
FirewallRules: [TCP Query User{FCAA088D-DE82-427C-9774-673EECB428B2}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe (NZXT -> )
FirewallRules: [UDP Query User{A1D26C14-29C2-4144-854F-2B22DAF317D7}C:\program files (x86)\nzxt\cam\cam.desktop.exe] => (Allow) C:\program files (x86)\nzxt\cam\cam.desktop.exe (NZXT -> )
FirewallRules: [{9ED571AC-5D8B-471D-8C8D-C16EA90F8818}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F1A5A2D5-B0F6-4068-B7E0-0E779B3FD97B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{06CC4099-7916-47C4-9123-F56D5C0966B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A07A5566-D72C-4E5E-8A89-2B9EDED20ADE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{CD8C3CCE-63BE-4AD9-8029-209888340686}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [UDP Query User{4EFC8FE2-F157-4AEC-9CCB-8E219A049006}C:\program files\sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\sonicwall\global vpn client\swgvc.exe (SonicWall Inc.) [File not signed]
FirewallRules: [TCP Query User{C13C79A3-FDFB-407E-97D3-643732752F0D}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{0668304E-F515-44C9-8C5E-FF18403ECA9E}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.196\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{B6743686-FC11-4590-A0A1-C01DC7B5034C}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{951C24B6-E7B0-4763-A981-8BEA5168BE4A}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.195\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{6C77F08E-8594-49F1-A573-079E56D30223}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{C374A54E-C232-4D4E-817E-FA25D05AA381}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.197\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{719819A3-DDA1-458F-85DD-535BEC2D0C15}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{25847B54-3887-4DC1-B723-3613F624F3D4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.198\deploy\leagueclient.exe No File
FirewallRules: [TCP Query User{D4DF3D67-2BFA-4C51-8085-838E5DE9AC40}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [UDP Query User{592A6E15-E35D-434B-823C-C97E2A345276}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.200\deploy\leagueclient.exe No File
FirewallRules: [{C0CCA766-F567-4CF5-944C-6EBE295C7884}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{32C9CD54-9A84-4731-9E9D-48EB154C0524}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [TCP Query User{8358D2DB-A3D2-46EE-9610-6F4F3A82F25E}C:\users\micha\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\micha\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP -> Telegram Messenger LLP)
FirewallRules: [UDP Query User{4D6B89F4-29C2-4CD0-8C2F-6EDC5283E4A7}C:\users\micha\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\micha\appdata\roaming\telegram desktop\telegram.exe (Telegram Messenger LLP -> Telegram Messenger LLP)
FirewallRules: [{1B3703AA-D7E5-4794-BA91-B3409BFBF578}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{949226C0-E56D-469E-82C5-971BEF2E3609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{AF87E0D2-0ABD-4A2E-B77D-C7B0C46FC74E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe (Wube Software) [File not signed]
FirewallRules: [{3C102020-33E7-472F-9F94-F0157F0FC015}] => (Allow) LPort=26789
FirewallRules: [{CFD908BC-B718-4B11-B966-14FFD13B2F48}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (AVAST Software s.r.o. -> AVAST Software)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2019 10:22:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program chrome.exe verze 75.0.3770.100 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 28c8

Čas spuštění: 01d52fc1f94d654e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

ID hlášení: a5bc33ef-c643-4913-b164-383cd28e4fff

Úplný název balíčku s chybou:

ID aplikace relativní podle balíčku s chybou:

Typ zablokování: Top level window is idle

Error: (07/01/2019 09:18:15 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\Windows\system32\sysmain.dll (kód chyby Win32 126).

Error: (06/30/2019 09:46:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.550_none_7e1820994d00fd23\TiWorker.exe -Embedding; Popis = Windows Modules Installer; Chyba = 0x80070422).

Error: (06/30/2019 09:46:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Popis = Windows Update; Chyba = 0x80070422).

Error: (06/30/2019 09:41:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Popis = Scheduled Checkpoint; Chyba = 0x80070422).

Error: (06/30/2019 07:58:21 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT AUTHORITY)
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů C:\Windows\system32\sysmain.dll (kód chyby Win32 126).

Error: (06/30/2019 06:42:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: TiWorker.exe, verze: 10.0.17763.1, časové razítko: 0x1f41714b
Název chybujícího modulu: cbscore.dll, verze: 10.0.17763.550, časové razítko: 0x26675883
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002ffb3
ID chybujícího procesu: 0x2d30
Čas spuštění chybující aplikace: 0x01d52f620cf1e5d8
Cesta k chybující aplikaci: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.550_none_7e1820994d00fd23\TiWorker.exe
Cesta k chybujícímu modulu: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.550_none_7e1820994d00fd23\cbscore.dll
ID zprávy: c0f6601b-d38c-40bf-ab34-2719cae218ed
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (06/30/2019 06:40:06 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv; Popis = Windows Update; Chyba = 0x80070422).


System errors:
=============
Error: (07/01/2019 10:21:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 09:40:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 09:40:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 09:17:22 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 07:40:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 06:44:39 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 05:40:07 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (07/01/2019 05:32:47 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-D6F6QG1)
Description: Nastavení oprávnění application-specific neuděluje oprávnění Local Activation pro serverovou aplikaci COM s identifikátorem CLSID
{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}
a APPID
{15C20B67-12E7-4BB6-92BB-7AFF07997402}
uživateli DESKTOP-D6F6QG1\micha (SID: S-1-5-21-38818341-3388588964-4190228223-1001) z adresy LocalHost (Using LRPC) běžící v kontejneru aplikací Unavailable – SID (Unavailable). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================

Date: 2019-06-30 19:41:12.865
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-30 19:41:12.864
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-30 19:41:12.858
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-30 19:41:12.856
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.744
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.742
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.737
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-06-29 15:19:20.736
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\wsc_proxy.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.H0 05/02/2018
Motherboard: Micro-Star International Co., Ltd B350 TOMAHAWK (MS-7A34)
Processor: AMD Ryzen 5 1600 Six-Core Processor
Percentage of memory in use: 20%
Total physical RAM: 16335.17 MB
Available physical RAM: 12943.91 MB
Total Virtual: 18767.17 MB
Available Virtual: 13184.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.27 GB) (Free:315.62 GB) NTFS
Drive d: (SAMSUNG) (Fixed) (Total:931.51 GB) (Free:251.13 GB) NTFS
Drive e: () (Fixed) (Total:698.63 GB) (Free:315.57 GB) NTFS

\\?\Volume{a6fe17bf-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS
\\?\Volume{1ab6e469-f0a9-494f-8ec7-6e1e9fac5df2}\ () (Fixed) (Total:0.5 GB) (Free:0.49 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 032C9658)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BCEBE8A2)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 1AAF1E19)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=0F Extended)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A6FE17BF)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: FRST log check

#6 Post by Conder »

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
    ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
    File: C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
    File: C:\Windows\system32\EuGdiDrv.sys
    
    HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\MountPoints2: {40419117-8b9d-11e9-9125-309c230e2015} - "F:\startme.exe" 
    GroupPolicy: Restriction ? <==== ATTENTION
    S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
    S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
    2019-07-01 22:22 - 2019-07-01 22:22 - 000000000 ____D C:\Users\micha\Desktop\FRST-OlderVersion
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file named Fixlog.txt on the desktop; copy its contents here
Graduate of the school for beginners :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for a specific PC. Do not use them on other devices, otherwise you risk damaging the system or losing data.
If you have a similar problem to another user, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

michi_trung
Visitor
Posts: 21
Registered: 22 Jan 2014 11:55

Re: FRST log check

#7 Post by michi_trung »

Fixlog.txt
Fix result of Farbar Recovery Scan Tool (x64) Version: 30-06-2019
Ran by micha (03-07-2019 09:56:01) Run:1
Running from C:\Users\micha\Desktop
Loaded Profiles: micha (Available Profiles: micha)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
ExportKey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
File: C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe
File: C:\Windows\system32\EuGdiDrv.sys

HKU\S-1-5-21-38818341-3388588964-4190228223-1001\...\MountPoints2: {40419117-8b9d-11e9-9125-309c230e2015} - "F:\startme.exe"
GroupPolicy: Restriction ? <==== ATTENTION
S3 cpuz147; \??\C:\WINDOWS\temp\cpuz147\cpuz147_x64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
2019-07-01 22:22 - 2019-07-01 22:22 - 000000000 ____D C:\Users\micha\Desktop\FRST-OlderVersion

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========



Count : 13
Average :
Sum : 4947841
Maximum :
Minimum :
Property : Length




========= End of Powershell: =========

================== ExportKey: ===================

[HKLM\SOFTWARE\Policies\Mozilla\Firefox]
[HKLM\SOFTWARE\Policies\Mozilla\Firefox\Certificates]
"ImportEnterpriseRoots"="1"

=== End of ExportKey ===

========================= File: C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe ========================

"C:\Program Files\SonicWall\Global VPN Client\SWGVCSvc.exe" => not found
====== End of File: ======


========================= File: C:\Windows\system32\EuGdiDrv.sys ========================

C:\Windows\system32\EuGdiDrv.sys
File not signed
MD5: 08C997734B2CECE882656BB2855E6E76
Creation and modification date: 2019-03-05 19:09 - 2018-10-24 14:53
Size: 000010848
Attributes: ----A
Company Name: CHENGDU YIWO Tech Development Co., Ltd. ->
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/b3c1def ... 560366190/

====== End of File: ======

HKU\S-1-5-21-38818341-3388588964-4190228223-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40419117-8b9d-11e9-9125-309c230e2015} => removed successfully
HKLM\Software\Classes\CLSID\{40419117-8b9d-11e9-9125-309c230e2015} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\CurrentControlSet\Services\cpuz147 => removed successfully
cpuz147 => service removed successfully
HKLM\System\CurrentControlSet\Services\NVHDA => removed successfully
NVHDA => service removed successfully
C:\Users\micha\Desktop\FRST-OlderVersion => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10248192 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1781028420 B
Java, Flash, Steam htmlcache => 457363543 B
Windows/system/drivers => 3306297 B
Edge => 2046866 B
Chrome => 471149547 B
Firefox => 220928123 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 1041169 B
systemprofile32 => 45486 B
LocalService => 436012 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
micha => 34653647 B

RecycleBin => 32629583 B
EmptyTemp: => 2.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 09:57:12 ====

Conder
VIP
Posts: 4399
Registered: 30 Dec 2013 22:29
Location: Bratislava

Re: FRST log check

#8 Post by Conder »

:arrow: How is the PC doing?