VIRY.CZ

Dobrý den,
mám klasický problém s vyskakováním oken v prohlížeči. Zkoušej jsem již všechny možné programy na odstranění a zatím bezvýsledně. pomohl by mi někdo?
Přikládám log z RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by David Kalaš at 2017-03-01 07:17:31
Microsoft Windows 10 Home
System drive C: has 14 GB (14%) free of 104 GB
Total RAM: 16179 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:17:37, on 01.03.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Windows\SysWOW64\UMonit64.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\David Kalaš.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo17win10.msn.com/?pc=LCTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://nostopped.com/wpad.dat?960a03938 ... 3725813439
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1029
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CCSDK - Lenovo - C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Unknown owner - C:\Windows\system32\IntelCpHDCPSvc.exe (file missing)
O23 - Service: Dolby DAX2 API Service (DAX2API) - Unknown owner - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Avid\Pro Tools\MMERefresh.exe (file missing)
O23 - Service: digiSPTIService64 - Unknown owner - C:\Program Files\Avid\Pro Tools\digisptiservice64.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GDCAgent - Lenovo - C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem85.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NI Citadel 4 Service (LkCitadelServer) - National Instruments, Inc. - C:\Windows\SysWOW64\lkcitdl.exe
O23 - Service: NI PSP Service Locator (lkClassAds) - National Instruments Corporation - C:\Windows\SysWOW64\lkads.exe
O23 - Service: NI Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\Windows\SysWOW64\lktsrv.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: NI Authentication Service (niauth) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
O23 - Service: NI Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI License Server (NILM License Manager) - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI LXI Discovery Service (niLXIDiscovery) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI-VISA\niLxiDiscovery.exe
O23 - Service: NI mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI Network Discovery (NINetworkDiscovery) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\Windows\SysWOW64\nipxism.exe
O23 - Service: NI Service Locator (NiSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
O23 - Service: NI System Web Server (NISystemWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: NI Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: OpcEnum - OPC Foundation - C:\Windows\SysWOW64\Opcenum.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Remote Solver for Flow Simulation 2013 (RemoteSolverDispatcher) - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 17007 bytes

======Listing Processes======









C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
winlogon.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\svchost.exe -k NetworkService
"dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-77081d42-41f1-447b-8459-8d07a3c703a2 -SystemEventPortName:HostProcess-cbfecb90-0e4a-462c-9d79-bec74d94b243 -IoCancelEventPortName:HostProcess-6ea5d38e-db64-4340-8b85-7d7b3f522f4d -NonStateChangingEventPortName:HostProcess-5c221a66-ff20-4b6f-905b-8b4e641fc84f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6628fd7b-9166-4c08-bb50-7bd513ee5d12 -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\WLANExt.exe 2550616401616
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe"
C:\Windows\system32\ibtsiva
C:\Windows\SysWOW64\lkads.exe
"C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe" -s
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe" -start
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
"C:\Program Files (x86)\National Instruments\MAX\nimxs.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe" "SOFTWARE\SRAC\COSMOS_FloWorks 2013"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k appmodel
"C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"

C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\SysWOW64\lktsrv.exe
"C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe"
C:\Windows\SysWOW64\nipxism.exe
"C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe"
"C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe" "SOFTWARE\SRAC\COSMOS_FloWorks 2013"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe"
"C:\Program Files (x86)\National Instruments\Shared\NI-VISA\niLxiDiscovery.exe"
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe -first
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe" -system
sihost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
NIWebServiceContainer.exe {E675EE7A-CC6B-413F-8962-018D6230C105} 4568 996 21
"C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user
NIWebServiceContainer.exe {F982731D-F80F-4F44-B871-EC81FB4D7305} 4568 1048 21
NIWebServiceContainer.exe {09BD6745-DB9F-417B-B2C7-BE84B8DDF783} 4568 1084 21
NIWebServiceContainer.exe {E810CF5B-23F4-428A-AE59-7569FF360D50} 4568 1036 21
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
NIWebServiceContainer.exe {8A1DB6A1-B27C-4703-958A-0E4B84F06CBE} 3888 1012 21
igfxEM.exe
igfxHK.exe
igfxTray.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
NIWebServiceContainer.exe {76ECCF8C-9A7D-41CF-B655-BA08FC6306F5} 4568 1100 21
NIWebServiceContainer.exe {A9ED6116-5029-456D-97C9-767892FD9EA6} 4568 1120 21
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\SettingSyncHost.exe -Embedding

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\emilk\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=56.0.2924.87 --initial-client-data=0x1d0,0x1d4,0x1d8,0x1cc,0x1dc,0x7ffe43851160,0x7ffe43851140,0x7ffe43851118
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=6764 --on-initialized-event-handle=632 --parent-handle=644 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/MergeByRedirects/ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled/InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_05/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,19,23,40,59,71 --gpu-vendor-id=0x8086 --gpu-device-id=0x191b --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=20.19.15.4463 --gpu-driver-date=5-25-2016 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x139a --service-request-channel-token=AD0FA209A613CCEAFCBDD35A0D504347 --mojo-platform-channel-handle=1312 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/MergeByRedirects/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_05/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --primordial-pipe-token=530BE312E348691A95D5E1F87B982683 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=530BE312E348691A95D5E1F87B982683 --renderer-client-id=4 --mojo-platform-channel-handle=2952 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/MergeByRedirects/*ClientSideDetectionModel/Model0/DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/Html5ByDefault/Enabled/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_05/*UMA-Uniformity-Trial-50-Percent/default/WebFontsInterventionV2/Default/ --primordial-pipe-token=05C51E35F94BC79D1997E640E990C0C3 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=05C51E35F94BC79D1997E640E990C0C3 --renderer-client-id=5 --mojo-platform-channel-handle=2580 /prefetch:1
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --lang=cs --service-request-channel-token=8B38A2C283DDE958B4F20E65E6728149 --mojo-platform-channel-handle=5516 --ignored=" --type=renderer " /prefetch:8
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_DOLBYDRAGON
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe" -Hide
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Windows\SysWOW64\UMonit64.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
AvastUI.exe /nogui
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/MergeByRedirects/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_05/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsInterventionV2/Default/ --primordial-pipe-token=0B5092E13F35BD05E0D098DF8254DF26 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=0B5092E13F35BD05E0D098DF8254DF26 --renderer-client-id=12 --mojo-platform-channel-handle=6596 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/MergeByRedirects/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_05/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsInterventionV2/Default/ --primordial-pipe-token=20ED63A568F4716EB945247D42294C99 --lang=cs --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=20ED63A568F4716EB945247D42294C99 --renderer-client-id=13 --mojo-platform-channel-handle=4148 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/MergeByRedirects/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_05/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsInterventionV2/Default/ --primordial-pipe-token=4E5DAA2238F0783B59A806D19CD2C092 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=4E5DAA2238F0783B59A806D19CD2C092 --renderer-client-id=14 --mojo-platform-channel-handle=4160 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/MergeByRedirects/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_05/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsInterventionV2/Default/ --primordial-pipe-token=9DC58D01A70B5607DF5311FBBA6A39AC --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=9DC58D01A70B5607DF5311FBBA6A39AC --renderer-client-id=17 --mojo-platform-channel-handle=7920 /prefetch:1
C:\Windows\system32\AUDIODG.EXE 0x2d8
"fontdrvhost.exe"
"C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe"
"C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutofillProfileCleanup<AutofillProfileCleanup,BlockSmallPluginContent<PluginPowerSaverTiny,*DefaultEnableGpuRasterization<DefaultEnableGpuRasterization,DisableFirstRunAutoImport<DisableFirstRunAutoImport,EnableSyncClientToServerCompression<EnableSyncClientToServerCompression,*ExpectCTReporting<ExpectCTReporting,*ExperimentalSwReporterEngine<SRTExperimentalEngineTrial,MediaFoundationH264Encoding<MediaFoundationH264Encoding,*NegotiateTLS13<TLS13Negotiation,ParseHTMLOnMainThread<ParseHTMLOnMainThread,*PersistentHistograms<PersistentHistograms,*PointerEvent<PointerEvent,PreferHtmlOverPlugins<Html5ByDefault,SecurityChip<SecurityChip,SubresourceFilter<SubresourceFilter,SwReporterExtendedSafeBrowsingFeature<SwReporterExtendedSafeBrowsingFeature,*TranslateRankerLogging<TranslateRankerLogging,*TranslateUI2016Q2<TranslateUI2016Q2 --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillProfileCleanup/Enabled/CaptivePortalInterstitial/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/MergeByRedirects/*ClientSideDetectionModel/Model0/*DataReductionProxyUseQuic/Enabled10_NoControl/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DefaultEnableGpuRasterization/Default/DisableFirstRunAutoImport/AutoImportDisabled/*DisallowFetchForDocWrittenScriptsInMainFrame/DocumentWriteScriptBlockGroup_20161208_Launch/*EnableSyncClientToServerCompression/Enabled/ExpectCTReporting/ExpectCTReportingDisabled/ExtensionDeveloperModeWarning/Enabled/*Html5ByDefault/Enabled/*InstanceID/Enabled/*MarkNonSecureAs/show-non-secure-passwords-cc-ui/*MediaFoundationH264Encoding/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PersistentHistograms/Default/PluginPowerSaverTiny/Enabled2/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/SRTExperimentalEngineTrial/Default/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Enabled/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingV4LocalDatabaseManagerEnabled/Default/*SecurityChip/Enabled/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*SiteIsolationExtensions/Enabled_100/*StrictSecureCookies/Enabled/*SubresourceFilter/EnabledForPhishingSites/*SwReporterExtendedSafeBrowsingFeature/Enabled/*TLS13Negotiation/Default/*TranslateRankerLogging/TranslateRankerLoggingDefault/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group6/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_36/*UMA-Uniformity-Trial-10-Percent/group_02/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/default/*UMA-Uniformity-Trial-5-Percent/group_05/*UMA-Uniformity-Trial-50-Percent/default/*WebFontsInterventionV2/Default/ --primordial-pipe-token=88277131B2494C376ABADB55C4ED5C35 --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553 --service-request-channel-token=88277131B2494C376ABADB55C4ED5C35 --renderer-client-id=34 --mojo-platform-channel-handle=8216 /prefetch:1
"D:\Stažené soubory\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_186_pepper.exe

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . Log RSIT není kompletní a navíc se z něj desítka těžko řeší bez poškození systému.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by David Kalaš (administrator) on LENOVO (02-03-2017 06:10:51)
Running from C:\Users\emilk\Desktop
Loaded Profiles: David Kalaš (Available Profiles: defaultuser0 & David Kalaš & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(National Instruments Corporation) C:\Windows\SysWOW64\nipxism.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI-VISA\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
() C:\Windows\System32\igfxTray.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
() C:\Windows\SysWOW64\UMonit64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoUtility] => "C:\Program Files\Lenovo\LenovoUtility\utility.exe"
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16418560 2016-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-01-22] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [629248 2015-11-14] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3937960 2015-07-23] (Synaptics Incorporated)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools\MMERefresh.exe
HKLM\...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit64.exe [53832 2015-07-15] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-28] (AVAST Software)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-11-29] (Disc Soft Ltd)
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\Run: [NIRegistrationWizard] => C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe [847000 2013-04-19] ()
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\MountPoints2: {658a0794-ccd5-11e6-83f9-54ee75ad754f} - "E:\AutoRun.exe"
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\MountPoints2: {db12dff1-c847-11e6-83e6-680715f12b23} - "H:\autorun.exe"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-28] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-241562553-2584673444-3252148641-1001] => hxxp://nostopped.com/wpad.dat?960a03938b9247f3b5e63c03655ae73725813439
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2014-06-06] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2014-06-06] (National Instruments Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{16351f9d-0e2c-4030-82b6-8eedcbebd889}: [DhcpNameServer] 172.168.137.2
Tcpip\..\Interfaces\{a609a470-9eb8-407a-ac48-5f4be2b834f3}: [DhcpNameServer] 192.168.0.1
ManualProxies: 0hxxp://nostopped.com/wpad.dat?960a03938b9247f3b5e63c03655ae73725813439

Internet Explorer:
==================
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-241562553-2584673444-3252148641-1001 -> DefaultScope {0B0D4E15-002E-4F67-8C8E-619C93435780} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: r4855c64.default
FF ProfilePath: C:\Users\emilk\AppData\Roaming\Mozilla\Firefox\Profiles\r4855c64.default [2017-02-26]
FF Homepage: Mozilla\Firefox\Profiles\r4855c64.default -> hxxp://www.footballarena.org/
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\emilk\AppData\Roaming\Mozilla\Firefox\Profiles\r4855c64.default\features\{9b3083e4-7068-4636-b16c-1d4c6532bb7a}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-28]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1227197.dll [2017-02-20] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2012win32.dll [2014-05-13] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2013win32.dll [2014-04-02] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nplv2014win32.dll [2015-04-30] (National Instruments)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
CHR Extension: (Překladač Google) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-12-22]
CHR Extension: (Prezentace Google) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
CHR Extension: (Dokumenty Google) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-22]
CHR Extension: (Disk Google) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
CHR Extension: (YouTube) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
CHR Extension: (Tabulky Google) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
CHR Extension: (AdBlock) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-25]
CHR Extension: (Hangouts Google) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-02-11]
CHR Extension: (Into The Mist) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2017-02-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7147320 2017-02-28] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-28] (AVAST Software)
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [666608 2016-03-22] (Lenovo)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [448512 2016-08-02] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-23] () [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-11-29] (Disc Soft Ltd)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1210352 2016-03-23] (Lenovo)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2016-08-02] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-11] (Intel Corporation)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2014-08-07] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2015-06-01] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2015-06-01] (National Instruments Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [84792 2015-06-12] (National Instruments Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57184 2015-06-03] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [80736 2015-06-03] (National Instruments Corporation)
R2 niauth; C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [571712 2015-06-02] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [399152 2015-06-01] (National Instruments Corporation)
S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
R2 niLXIDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI-VISA\niLxiDiscovery.exe [375160 2015-09-22] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [320368 2014-06-06] (National Instruments Corporation)
R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [177024 2015-06-12] (National Instruments Corporation)
R2 nipxirmu; C:\Windows\SysWOW64\nipxism.exe [21328 2015-05-26] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [89928 2015-06-02] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57168 2015-06-03] (National Instruments Corporation)
R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [692040 2014-06-10] (National Instruments Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2017-02-24] (SolidWorks) [File not signed]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-23] (Synaptics Incorporated)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)
S2 DigiRefresh; C:\Program Files\Avid\Pro Tools\MMERefresh.exe -s [X]
S3 digiSPTIService64; "C:\Program Files\Avid\Pro Tools\digisptiservice64.exe" [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [309272 2017-02-28] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [189768 2017-02-28] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334600 2017-02-28] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [48528 2017-02-28] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-02-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32088 2017-02-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [126600 2017-02-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [100640 2017-02-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-02-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [993608 2017-02-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [547904 2017-02-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162528 2017-02-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [337592 2017-02-28] (AVAST Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-12-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-12-22] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [243200 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 GeneStor; C:\Windows\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GenesysLogic)
S3 Huawei; C:\Windows\system32\DRIVERS\ewdcsc.sys [29696 2009-12-15] (Huawei Tech. Co., Ltd.)
S3 hwusbdev; C:\Windows\system32\DRIVERS\ewusbdev.sys [114304 2009-12-15] (Huawei Technologies Co., Ltd.)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-16] (Intel Corporation)
R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2015-06-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [253184 2016-12-12] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-28] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-03-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-03-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-03-02] (Malwarebytes)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2016-12-22] (Nicomsoft Ltd.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7231248 2016-06-17] (Intel Corporation)
S3 ni1045k; C:\Windows\System32\drivers\ni1045kl.sys [12984 2015-03-31] (National Instruments Corporation)
S3 ni1065k; C:\Windows\System32\drivers\ni1065k.sys [30032 2015-06-12] (National Instruments Corporation)
R3 nidimk; C:\Windows\System32\drivers\nidimkl.sys [15200 2014-09-18] (National Instruments Corporation)
R3 nimdbgk; C:\Windows\System32\drivers\nimdbgkl.sys [15200 2015-02-05] (National Instruments Corporation)
R3 nimxdfk; C:\Windows\System32\drivers\nimxdfkl.sys [15184 2015-02-05] (National Instruments Corporation)
S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [15184 2014-07-31] (National Instruments Corporation)
S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [15232 2015-05-20] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [777560 2015-05-20] (National Instruments Corporation)
S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [15224 2015-05-20] (National Instruments Corporation)
R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [19288 2014-02-28] (National Instruments Corporation)
R0 nipcibrd; C:\Windows\System32\drivers\nipcibrd.sys [107888 2015-06-11] (National Instruments Corporation)
R0 nipxibrc; C:\Windows\System32\drivers\nipxibrc.sys [72600 2015-06-12] (National Instruments Corporation)
S3 nipxifpk; C:\Windows\System32\drivers\nipxifpk.sys [37272 2015-05-26] (National Instruments Corporation)
S3 nipxigpk; C:\Windows\System32\drivers\nipxigpk.sys [23896 2015-05-26] (National Instruments Corporation)
R2 nipxirmk; C:\Windows\System32\drivers\nipxirmkl.sys [15184 2015-05-26] (National Instruments Corporation)
R3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [15200 2015-09-22] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [15200 2015-09-22] (National Instruments Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvltwu.inf_amd64_dc8ffafad3ea7ddd\nvlddmkm.sys [14190520 2017-01-17] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-08-19] (Realtek )
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3119872 2016-06-08] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-23] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 06:10 - 2017-03-02 06:11 - 00032966 _____ C:\Users\emilk\Desktop\FRST.txt
2017-03-02 06:10 - 2017-03-02 06:10 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-03-02 06:10 - 2017-03-02 06:10 - 00000000 ____D C:\FRST
2017-03-02 06:09 - 2017-03-02 06:09 - 02423808 _____ (Farbar) C:\Users\emilk\Desktop\FRST64.exe
2017-03-01 19:54 - 2017-03-01 19:54 - 04031440 _____ C:\Users\emilk\Desktop\adwcleaner_6.044.exe
2017-03-01 15:58 - 2017-03-01 15:58 - 00000000 ____D C:\$WINDOWS.~BT
2017-03-01 15:57 - 2017-03-01 15:57 - 00000000 ___HD C:\$SysReset
2017-03-01 07:17 - 2017-03-01 07:17 - 00000000 ____D C:\rsit
2017-03-01 07:17 - 2017-03-01 07:17 - 00000000 ____D C:\Program Files\trend micro
2017-02-28 20:58 - 2017-03-02 06:06 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-28 20:58 - 2017-03-02 06:06 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-28 20:58 - 2017-02-28 20:58 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-28 20:52 - 2017-02-28 20:52 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-28 20:52 - 2017-02-28 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-28 20:52 - 2017-02-28 20:52 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-28 20:52 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-28 20:41 - 2017-03-02 06:06 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-28 20:41 - 2017-03-02 06:06 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-28 20:41 - 2017-02-28 20:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-28 19:40 - 2017-02-28 19:39 - 00398408 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-02-28 19:09 - 2017-03-02 06:05 - 00000000 ____D C:\AdwCleaner
2017-02-28 18:34 - 2017-02-28 18:34 - 00000085 _____ C:\Windows\wininit.ini
2017-02-28 18:27 - 2017-02-28 18:27 - 00000000 ____D C:\Program Files (x86)\GUMA7EA.tmp
2017-02-28 18:24 - 2017-02-28 18:24 - 00000000 ____D C:\Program Files (x86)\GUM8C52.tmp
2017-02-28 18:21 - 2017-02-28 18:35 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-28 18:21 - 2017-02-28 18:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-28 18:21 - 2017-02-28 18:21 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-02-26 19:41 - 2017-02-28 20:49 - 00004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-02-26 19:41 - 2017-02-28 19:39 - 00334600 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-02-26 19:41 - 2017-02-28 19:39 - 00309272 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-02-26 19:41 - 2017-02-28 19:39 - 00189768 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-02-26 19:41 - 2017-02-28 19:39 - 00048528 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-02-26 15:57 - 2017-02-26 15:57 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-26 15:57 - 2017-02-26 15:57 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-26 15:56 - 2017-02-28 18:27 - 00003470 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-26 15:56 - 2017-02-28 18:27 - 00003346 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-24 12:41 - 2017-02-24 12:41 - 00000000 ____D C:\Users\emilk\AppData\Local\3dmouse
2017-02-24 12:34 - 2017-03-01 08:58 - 00000000 ____D C:\Users\emilk\AppData\Roaming\McNeel
2017-02-24 12:34 - 2017-03-01 08:58 - 00000000 ____D C:\Users\emilk\AppData\Local\McNeel
2017-02-24 12:33 - 2017-03-01 09:01 - 00000000 ____D C:\ProgramData\McNeel
2017-02-24 12:33 - 2017-02-25 17:30 - 00000500 _____ C:\Windows\SysWOW64\Drivers\igxkxz_862.set
2017-02-24 12:33 - 2017-02-25 17:30 - 00000500 _____ C:\Windows\SysWOW64\Drivers\diusvhm386.dat
2017-02-24 12:33 - 2017-02-25 17:30 - 00000500 _____ C:\Windows\d_oirotq338.ini
2017-02-24 12:33 - 2017-02-24 12:33 - 00000500 _____ C:\Windows\SysWOW64\Drivers\ggxkxz_610.set
2017-02-24 12:33 - 2017-02-24 12:33 - 00000500 _____ C:\Windows\SysWOW64\Drivers\fiusvhm561.dat
2017-02-24 12:33 - 2017-02-24 12:33 - 00000500 _____ C:\Windows\i_oirotq856.ini
2017-02-24 11:20 - 2017-02-24 11:20 - 00000000 ____D C:\ProgramData\Simpoe
2017-02-24 11:19 - 2017-02-24 11:19 - 00000000 ____D C:\ProgramData\SolidWorks Flow Simulation
2017-02-24 11:19 - 2017-02-24 11:19 - 00000000 ____D C:\ProgramData\COSMOS Applications
2017-02-24 11:18 - 2017-02-24 11:18 - 00000000 ____D C:\Program Files (x86)\SolidWorks Corp
2017-02-24 11:18 - 2017-02-24 11:18 - 00000000 _____ C:\Windows\eDrawingOfficeAutomator.INI
2017-02-24 11:17 - 2017-02-24 11:17 - 00000000 ____D C:\Users\emilk\AppData\Roaming\help_images_otherUI
2017-02-24 11:15 - 2017-02-24 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2013
2017-02-24 11:15 - 2017-02-24 11:15 - 00002747 _____ C:\Users\Public\Desktop\SolidWorks 2013 x64 Edition.lnk
2017-02-24 11:14 - 2017-02-24 11:20 - 00000000 ____D C:\Program Files\SolidWorks Corp
2017-02-24 11:14 - 2017-02-24 11:14 - 00000000 ____D C:\ProgramData\SolidWorks
2017-02-24 11:14 - 2017-02-24 11:14 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2017-02-24 11:11 - 2017-02-24 11:15 - 00000000 ____D C:\SolidWorks Data (2)
2017-02-24 11:10 - 2017-02-24 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Manažer instalací SolidWorks
2017-02-24 11:09 - 2017-02-24 11:11 - 00000000 ____D C:\Windows\SolidWorks
2017-02-22 19:10 - 2017-02-22 19:10 - 00000000 ____D C:\Users\emilk\AppData\Local\ESET
2017-02-21 15:39 - 2017-02-21 15:39 - 00000000 ____D C:\Users\emilk\AppData\Roaming\NVIDIA
2017-02-21 15:39 - 2017-02-21 15:39 - 00000000 ____D C:\Users\emilk\AppData\Roaming\EDrawings
2017-02-10 07:22 - 2017-02-26 07:29 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-10 07:22 - 2016-12-29 14:10 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-02-10 07:22 - 2016-12-29 13:28 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-02 06:06 - 2016-11-23 15:23 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-02 06:06 - 2016-09-09 16:06 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-02 06:06 - 2016-07-29 18:26 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-02 06:06 - 2016-07-16 07:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-03-01 19:18 - 2016-09-09 16:41 - 02917648 _____ C:\Windows\system32\perfh005.dat
2017-03-01 19:18 - 2016-09-09 16:41 - 00827074 _____ C:\Windows\system32\perfc005.dat
2017-03-01 19:18 - 2016-07-29 18:31 - 06339148 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-01 13:08 - 2016-07-29 18:26 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-03-01 09:02 - 2016-12-22 13:07 - 00000000 ____D C:\Users\emilk\AppData\Local\CrashDumps
2017-02-28 19:41 - 2016-12-22 12:13 - 00004004 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1482405219
2017-02-28 19:41 - 2016-12-22 12:13 - 00001095 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-28 19:39 - 2016-12-22 12:12 - 00032088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-02-28 19:39 - 2016-12-22 12:09 - 00993608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-02-28 19:39 - 2016-12-22 12:09 - 00547904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-02-28 19:39 - 2016-12-22 12:09 - 00337592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-02-28 19:39 - 2016-12-22 12:09 - 00162528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-02-28 19:39 - 2016-12-22 12:09 - 00126600 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-02-28 19:39 - 2016-12-22 12:09 - 00100640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-02-28 19:39 - 2016-12-22 12:09 - 00075704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-02-28 19:39 - 2016-12-22 12:09 - 00038296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-02-28 18:47 - 2016-12-22 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-28 18:24 - 2016-12-22 12:15 - 00000000 ____D C:\Users\emilk\AppData\Local\Google
2017-02-27 12:37 - 2016-11-23 15:25 - 00000000 ____D C:\Users\emilk
2017-02-26 19:43 - 2016-12-22 15:27 - 00000000 ____D C:\Temp
2017-02-26 19:41 - 2016-12-22 12:09 - 00337080 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys.148813450893704
2017-02-26 19:41 - 2016-12-22 12:07 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-26 19:36 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2017-02-26 15:57 - 2016-12-22 12:12 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-26 07:44 - 2016-12-22 13:03 - 00000000 ____D C:\Users\emilk\AppData\LocalLow\Mozilla
2017-02-26 07:43 - 2016-12-22 13:02 - 00001437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-26 07:43 - 2016-12-22 13:02 - 00001425 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-26 07:43 - 2016-12-22 12:13 - 00001375 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2017-02-25 16:02 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-24 18:46 - 2016-12-22 15:32 - 00000000 ____D C:\Users\emilk\AppData\Local\TempAdresářZálohySW
2017-02-24 17:56 - 2016-12-22 14:45 - 00000000 ____D C:\Users\emilk\AppData\Roaming\SolidWorks
2017-02-24 11:35 - 2016-07-29 18:25 - 10034432 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-24 11:24 - 2016-12-22 15:02 - 00000000 ____D C:\Users\emilk\AppData\Roaming\vlc
2017-02-24 11:18 - 2016-12-22 15:12 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Shared
2017-02-24 11:16 - 2016-12-22 15:14 - 00000000 ____D C:\ProgramData\DassaultSystemes
2017-02-23 18:36 - 2016-12-22 17:11 - 00000000 ____D C:\Windows\system32\MRT
2017-02-23 18:33 - 2016-12-22 17:11 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-22 18:54 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2017-02-21 15:38 - 2016-12-22 15:04 - 00000000 ____D C:\ProgramData\FLEXnet
2017-02-21 15:38 - 2016-12-22 14:42 - 00000000 ____D C:\EAGLE-7.6.0
2017-02-21 15:03 - 2016-12-22 14:15 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-13 08:10 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\NDF
2017-02-12 14:00 - 2017-01-22 10:09 - 00000992 _____ C:\Users\emilk\Desktop\Sweet Home 3D.lnk
2017-02-12 14:00 - 2017-01-22 10:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
2017-02-12 14:00 - 2017-01-22 10:09 - 00000000 ____D C:\Program Files\Sweet Home 3D
2017-02-12 09:42 - 2016-12-22 16:02 - 00000000 ____D C:\ProgramData\National Instruments
2017-02-10 15:15 - 2016-11-23 15:27 - 00000000 ____D C:\Users\emilk\AppData\Local\NVIDIA Corporation
2017-02-10 09:41 - 2016-12-22 12:56 - 00000000 ____D C:\Users\emilk\AppData\Local\GHISLER
2017-02-10 07:23 - 2016-09-09 16:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-10 07:22 - 2016-09-09 16:06 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-10 07:22 - 2016-09-09 16:05 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-10 07:22 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2017-02-06 20:48 - 2016-12-22 18:10 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-06 20:48 - 2016-12-22 18:10 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-04 19:33 - 2016-12-22 15:56 - 00000000 ____D C:\Users\emilk\AppData\Local\Microsoft Help
2017-02-01 06:27 - 2016-12-22 13:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2017-01-19 17:43 - 2017-01-19 17:44 - 0000132 _____ () C:\Users\emilk\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
2017-01-11 19:07 - 2017-01-11 19:07 - 0000218 _____ () C:\Users\emilk\AppData\Local\recently-used.xbel
2016-12-25 16:45 - 2016-12-25 16:45 - 0007600 _____ () C:\Users\emilk\AppData\Local\Resmon.ResmonCfg
2016-09-09 16:06 - 2016-09-09 16:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-09 16:07 - 2016-09-09 16:07 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-28 05:53

==================== End of FRST.txt ============================

Spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v6.044 - Log vytvořen 02/03/2017 v 18:56:54
# Aktualizováno dne 28/02/2017 z Malwarebytes
# Databáze : 2017-03-01.1 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : David Kalaš - LENOVO
# Spuštěno z : C:\Users\emilk\Desktop\adwcleaner_6.044.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1689 Bajty] - [28/02/2017 19:13:14]
C:\AdwCleaner\AdwCleaner[C2].txt - [1167 Bajty] - [28/02/2017 20:40:10]
C:\AdwCleaner\AdwCleaner[C3].txt - [1459 Bajty] - [02/03/2017 06:05:41]
C:\AdwCleaner\AdwCleaner[C4].txt - [1018 Bajty] - [02/03/2017 18:56:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [2117 Bajty] - [28/02/2017 19:12:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [1514 Bajty] - [28/02/2017 20:40:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [1660 Bajty] - [01/03/2017 07:16:04]
C:\AdwCleaner\AdwCleaner[S3].txt - [1735 Bajty] - [01/03/2017 20:03:35]
C:\AdwCleaner\AdwCleaner[S4].txt - [1806 Bajty] - [02/03/2017 06:05:32]
C:\AdwCleaner\AdwCleaner[S5].txt - [1954 Bajty] - [02/03/2017 18:56:47]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1529 Bajty] ##########

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\MountPoints2: {658a0794-ccd5-11e6-83f9-54ee75ad754f} - "E:\AutoRun.exe"
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\MountPoints2: {db12dff1-c847-11e6-83e6-680715f12b23} - "H:\autorun.exe"
SearchScopes: HKU\S-1-5-21-241562553-2584673444-3252148641-1001 -> DefaultScope {0B0D4E15-002E-4F67-8C8E-619C93435780} URL =
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by David Kalaš (02-03-2017 19:08:39) Run:1
Running from C:\Users\emilk\Desktop
Loaded Profiles: David Kalaš (Available Profiles: defaultuser0 & David Kalaš & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\MountPoints2: {658a0794-ccd5-11e6-83f9-54ee75ad754f} - "E:\AutoRun.exe"
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\...\MountPoints2: {db12dff1-c847-11e6-83e6-680715f12b23} - "H:\autorun.exe"
SearchScopes: HKU\S-1-5-21-241562553-2584673444-3252148641-1001 -> DefaultScope {0B0D4E15-002E-4F67-8C8E-619C93435780} URL =
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\ProgramData\DP45977C.lfl

EmptyTemp:
End
*****************

HKU\S-1-5-21-241562553-2584673444-3252148641-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{658a0794-ccd5-11e6-83f9-54ee75ad754f} => key removed successfully
HKCR\CLSID\{658a0794-ccd5-11e6-83f9-54ee75ad754f} => key not found.
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db12dff1-c847-11e6-83e6-680715f12b23} => key removed successfully
HKCR\CLSID\{db12dff1-c847-11e6-83e6-680715f12b23} => key not found.
HKU\S-1-5-21-241562553-2584673444-3252148641-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 84287596 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 524074 B
Edge => 4002110 B
Chrome => 294032419 B
Firefox => 690120 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 165 B
systemprofile32 => 0 B
LocalService => 164838 B
NetworkService => 6652 B
defaultuser0 => 0 B
emilk => 32882619 B
Administrator => 12628 B

RecycleBin => 0 B
EmptyTemp: => 397.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:08:51 ====

Problém bohužel stále přetrvává...

Udělejte ještě tyto skeny:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by David Kalaç on 02.03.2017 at 20:03:16,86.
Microsoft Windows 10 Home 10.0.14393 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\emilk\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

02.03.2017 20:05:06 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\GUM8C52.tmp deleted successfully
C:\PROGRA~2\VulkanRT deleted successfully
C:\PROGRA~2\COMMON~1\VST3 deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\RealVNC-Service deleted successfully
C:\PROGRA~3\Simpoe deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\SUPPORTDIR deleted successfully
C:\PROGRA~3\{DA31E3B5-AD7E-4759-A162-75CF964B70AC} deleted successfully
C:\Users\Administrator\AppData\LocalLow deleted successfully
C:\Users\defaultuser0\AppData\Local\VirtualStore deleted successfully
C:\Users\emilk\AppData\Local\CrashDumps deleted successfully
C:\Users\emilk\AppData\Local\CyberLink deleted successfully
C:\Users\emilk\AppData\Local\DassaultSystemes deleted successfully
C:\Users\emilk\AppData\Local\Lenovo deleted successfully
C:\Users\emilk\AppData\Local\McNeel deleted successfully
C:\Users\emilk\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\emilk\AppData\Local\uwd4kRzw deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\emilk\AppData\Roaming\Mozilla\Firefox\Profiles\r4855c64.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.footballarena.org/");

Added to C:\Users\emilk\AppData\Roaming\Mozilla\Firefox\Profiles\r4855c64.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUM8C52.tmp not found
C:\PROGRA~2\VulkanRT not found
C:\PROGRA~3\{DA31E3B5-AD7E-4759-A162-75CF964B70AC} not found
C:\PROGRA~2\GUMA7EA.tmp deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\Users\emilk\AppData\Roaming\McNeel" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\emilk\AppData\Roaming\Mozilla\Firefox\Profiles\r4855c64.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF48" [28.02.2017 19:40]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF48" [28.02.2017 19:40]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]

Into The Mist - emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh
Chrome Media Router - emilk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://lenovo17win10.msn.com/?pc=LCTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://lenovo17win10.msn.com/?pc=LCTE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\emilk\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\emilk\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\emilk\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=593 folders=1145 2639484599 bytes)

==== Empty Temp Folders ======================

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\emilk\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 02.03.2017 at 21:17:14,96 ======================

A Junkware?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Home x64
Ran by David Kalaç (Administrator) on 02.03.2017 at 21:20:02,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2017 at 21:23:50,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pořád vyskakuje např. search.queryrouter.com, watermelon-shake.com, www.liveadexchanger.com a další

V kterém prohlížeči?

Google chrome. Například v článcích na sport.cz mi to samo z textu dělá odkazy, které tam ve skutečnosti nejsou a přesměrovává mě to na zmíněné parazitní weby...