HKLM\...\Winlogon: [Shell] explorer.exe,d.exe
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-7682389-3612777877-391866582-1000\...\MountPoints2: {da4eedc7-7be1-11e2-8ac3-806e6f6e6963} - E:\start.exe
Startup: C:\Users\Vladana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2019-11-16] () [File not signed]
Task: {99C2A032-6D1C-441F-87FE-DA0735A1B827} - System32\Tasks\{6243CAD4-3DB1-45D4-933D-254A23B4CA85} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-7682389-3612777877-391866582-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Vladana\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
MSCONFIG\startupfolder: C:^Users^Vladana^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZenMate.bat => C:\Windows\pss\ZenMate.bat.Startup
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [240512 2019-10-25] (Mixbyte Inc -> )
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: