VIRY.CZ

Dobrý večer,

jsem fakt idiot. Kliknul - resp. nainstaloval jsem si nějaký šmejd, který se automaticky začal instalovat po jednom kliku. Kliknul jsem rychleji, než jsem stihl sám sebe zarazit a už to bylo. Nainstalovaly se mi nějaké programy (Driver updater, Zrychleni Pocitace, Crossout - MMO Activation Game, Folder share, atd.)

Něco se mi povedlo killnout v procesech, něco zarazil avast, ale aktuálně se mi dějí tyhle věci:
ve Chromu se mi pořád přepisuje domovská stránka
pořád se mi mění vyhledávač
do různých stránek se mi přidaly reklamy, které tam buď dříve nebyly nebo jsou nahrazeny těmi klasickými (vysněný job, jak jsem vydělal 30000 dolarů za pět minut, apod)
pořád se spouští proces xmrig.exe, který má vysoké vytížení procesoru, když jsem to asi po patnácté zavřel v procesech, tak to avast přesunul do truhly.

Prosím Vás o kontrolu logu a pomoc při odstranění viru.

Díky moc

Jirka

Logfile of random's system information tool 1.10 (written by random/random)
Run by Maverick at 2018-05-27 19:19:38
Microsoft Windows 10 Pro
System drive C: has 32 GB (31%) free of 103 GB
Total RAM: 16326 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:19:41, on 27.05.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0371)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Maverick\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Zello\Zello.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
E:\P3D Addons\AS_P3Dv4\AS_P3Dv4.exe
E:\P3D ADDONS\ULTIMATE TRAFFIC LIVE\utl_client.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\trend micro\Maverick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtjQkIst6qNMzGAMfeaH0yZuod5Ift9wsVePVRRJcj9_ic7cWcEV6YpABRt1vJeW6L1VcpOXzkPEkfwu34q1-r7T4gRlGDftDIg8XslmXIHflrWHmEZhPFtxu9BfKw3EubqGfRVoGzxJjjmA4ucajnLU4k,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtjQkIst6qNMzGAMfeaH0yZuod5Ift9wsVePVRRJcj9_ic7cWcEV6YpABRt1vJeW6L1VcpOXzkPEkfwu34q1-r7T4gRlGDftDIg8XslmXIHflrWHmEZhPFtxu9BfKw3EubqGfRVoGzxJjjmA4ucajnLU4k,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtjQkIst6qNMzGAMfeaH0yZuod5Ift9wsVePVRRJcj9_ic7cWcEV6YpABRt1vJeW6L1VcpOXzkPEkfwu34q1-r7T4gRlGDftDIg8XslmXIHflrWHmEZhPFtxu9BfKw3EubqGfRVoGzxJjjmA4ucajnLU4k,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtjQkIst6qNMzGAMfeaH0yZuod5Ift9wsVePVRRJcj9_ic7cWcEV6YpABRt1vJeW6L59F36l08Hii7udeGZzrIQg2tnYzrHZa2RZLm_RmUHQBsofYlIIjSfS1HFIlCWFk0aNmGd4wszbHgmY_hlXlDZTck,
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtjQkIst6qNMzGAMfeaH0yZuod5Ift9wsVePVRRJcj9_ic7cWcEV6YpABRt1vJeW6L1VcpOXzkPEkfwu34q1-r7T4gRlGDftDIg8XslmXIHflrWHmEZhPFtxu9BfKw3EubqGfRVoGzxJjjmA4ucajnLU4k,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AirBackupHelper] C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Maverick\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Zello] "C:\Program Files (x86)\Zello\Zello.exe" /background
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Maverick\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Maverick\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Aktualizace Google (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Aktualizace Google (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMS-R@1n - Unknown owner - C:\Windows\KMS-R@1n.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 12843 bytes

======Listing Processes======

c:\windows\system32\svchost.exe -k dcomlaunch -p -s PlugPlay
C:\Windows\system32\svchost.exe -k DcomLaunch -p
"fontdrvhost.exe"
c:\windows\system32\svchost.exe -k rpcss -p
c:\windows\system32\svchost.exe -k dcomlaunch -p -s LSM
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s TimeBrokerSvc
c:\windows\system32\svchost.exe -k netsvcs -p -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s EventLog
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
c:\windows\system32\svchost.exe -k netsvcs -p -s lfsvc
c:\windows\system32\svchost.exe -k netsvcs -p -s UserManager
c:\windows\system32\svchost.exe -k localservice -p -s nsi
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-57ffa553-41dc-4d73-9a90-369325a4754e -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f17d5039-ac5e-4ade-830b-09828b40f0a8 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f23f8594-6771-4621-ad49-4c199fc176f1 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d305c29d-cdc4-4f93-8454-9cae9499e41d -LifetimeId:804bdcc7-dcaa-4416-a261-e5fef11aadd8 -DeviceGroupId:WpdFsGroup
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s Dhcp
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
c:\windows\system32\svchost.exe -k netsvcs -p -s Themes
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SysMain
c:\windows\system32\svchost.exe -k networkservice -p -s NlaSvc
c:\windows\system32\svchost.exe -k localservice -p -s EventSystem
c:\windows\system32\svchost.exe -k networkservice -p -s Dnscache

c:\windows\system32\svchost.exe -k netsvcs -p -s SENS
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -p -s netprofm
c:\windows\system32\svchost.exe -k localservice -p -s FontCache
c:\windows\system32\svchost.exe -k localservice -p -s SEMgrSvc
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s WinHttpAutoProxySvc
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k appmodel -p -s StateRepository
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
c:\windows\system32\svchost.exe -k netsvcs -p -s ShellHWDetection

c:\windows\system32\svchost.exe -k localservice -p -s LicenseManager
C:\Windows\System32\spoolsv.exe
c:\windows\system32\svchost.exe -k networkservice -p -s LanmanWorkstation
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe"
c:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
C:\Windows\System32\svchost.exe -k utcsvc -p
c:\windows\system32\svchost.exe -k localservicenonetwork -p -s DPS
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
C:\Windows\KMS-R@1n.exe
c:\windows\system32\svchost.exe -k netsvcs -p -s WpnService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TrkWks
c:\windows\system32\svchost.exe -k networkservice -p -s CryptSvc
c:\windows\system32\svchost.exe -k localservice -p -s SstpSvc
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
c:\windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
c:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
c:\windows\system32\svchost.exe -k netsvcs -p -s iphlpsvc
c:\windows\system32\svchost.exe -k localservice -p -s WdiServiceHost
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DeviceAssociationService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s Netman
c:\windows\system32\svchost.exe -k localservice -p -s CDPSvc
C:\Windows\system32\wbem\unsecapp.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s TabletInputService
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s SSDPSRV
"C:\Program Files\iPod\bin\iPodService.exe"
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s PcaSvc
c:\windows\system32\svchost.exe -k networkservice -p -s DoSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s StorSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s SensorService
c:\windows\system32\svchost.exe -k netsvcs -p -s Appinfo
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -p -s DsSvc
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -p -s QWAVE
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
C:\Windows\System32\msdtc.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost

C:\Windows\System32\WinLogon.exe -SpecialSession
"fontdrvhost.exe"
"dwm.exe"
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%dSPUser.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\SPUser" -r -l 3 -p 30000 -st "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -r -l 3 -p 30000 -st "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -c
sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
"ctfmon.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Program Files\Windows Defender\MSASCuiL.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=gpu-process --no-sandbox --lang=en-US --log-file="C:\Users\Maverick\AppData\Local\NVIDIA Corporation\NVIDIA Share\CefCache\debug.log" --gpu-preferences=GAAAAAAAAAAABwAAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x10de --gpu-device-id=0x1401 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --lang=en-US --log-file="C:\Users\Maverick\AppData\Local\NVIDIA Corporation\NVIDIA Share\CefCache\debug.log" --service-request-channel-token=18354FE01157BD9B4A710E4100966A2A --mojo-platform-channel-handle=1880 /prefetch:2
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --disable-browser-side-navigation --no-sandbox --disable-gpu-compositing --service-pipe-token=0357C8B38C88C05B29C62307A0290737 --lang=en-US --lang=en-US --log-file="C:\Users\Maverick\AppData\Local\NVIDIA Corporation\NVIDIA Share\CefCache\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0357C8B38C88C05B29C62307A0290737 --renderer-client-id=2 --mojo-platform-channel-handle=1864 /prefetch:1
AvastUI.exe /nogui
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Users\Maverick\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Zello\Zello.exe" /background
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
c:\windows\system32\svchost.exe -k unistacksvcgroup
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
C:\Windows\System32\RuntimeBroker.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SppExtComObj.exe -Embedding
c:\windows\system32\svchost.exe -k netsvcs -p -s AppMgmt
"E:\P3D Addons\AS_P3Dv4\AS_P3Dv4.exe"
"E:\P3D Addons\ASCA\AS Cloud Art.exe" STARTINTRAY "E:\Lockheed Martin\Prepar3d v4\"
"E:\P3D ADDONS\ULTIMATE TRAFFIC LIVE\utl_client.exe"
"C:\Program Files\SPAD.neXt\SPAD.neXt.exe"
"C:\Windows\system32\NOTEPAD.EXE" E:\Lockheed Martin\Prepar3d v4\F1TGTN\f1update_tool_readme.txt
"C:\ProgramData\Logic Cramble\set.exe"
C:\Windows\explorer.exe /NOUACCHECK
"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Users\Maverick\AppData\Local\Temp\xmrig.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D?publisher=APSFWakeNet&co=CZ&userid=27732a84-7000-9219-4941-bc97df592866&searchtype=sc&installDate=27.05.2018&barcodeid=51198003&channelid=3&av=avast
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Maverick\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Maverick\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=66.0.3359.181 --initial-client-data=0x1dc,0x1e0,0x1e4,0x1d8,0x1e8,0x7ffaf46a3218,0x7ffaf46a3228,0x7ffaf46a3238
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=15872 --on-initialized-event-handle=708 --parent-handle=716 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=DE3DE218B20F6219CB4A55E0D329E3E4 --mojo-platform-channel-handle=1492 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=F25CEA614CDC9B00BF27CE4C0256D8B0 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=F25CEA614CDC9B00BF27CE4C0256D8B0 --renderer-client-id=3 --mojo-platform-channel-handle=3132 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=E6DC780692521FE1440C4C9A0A1CD9B8 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=E6DC780692521FE1440C4C9A0A1CD9B8 --renderer-client-id=4 --mojo-platform-channel-handle=2732 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=916609B778D5B8A9B846BEE206FC5246 --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=916609B778D5B8A9B846BEE206FC5246 --renderer-client-id=6 --mojo-platform-channel-handle=3568 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=98934C6F3E7CEBFC610023645C0184DC --lang=cs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=98934C6F3E7CEBFC610023645C0184DC --renderer-client-id=7 --mojo-platform-channel-handle=3680 /prefetch:1
"C:\Windows\System32\perfmon.exe" /res

"C:\Program Files\CCleaner\CCleaner64.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=7D1B6099CDEE17A736F115768157E3B9 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=7D1B6099CDEE17A736F115768157E3B9 --renderer-client-id=49 --mojo-platform-channel-handle=4040 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=9A23AF53225214AB78EC03B5DB056FFB --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=9A23AF53225214AB78EC03B5DB056FFB --renderer-client-id=56 --mojo-platform-channel-handle=7424 /prefetch:1
C:\Windows\system32\AUDIODG.EXE 0x6b8
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe96_ Global\UsGthrCtrlFltPipeMssGthrPipe96 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 736 740 748 8192 744
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=B06A30D69DB89CB7F6A1BE061A5E106F --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=B06A30D69DB89CB7F6A1BE061A5E106F --renderer-client-id=59 --mojo-platform-channel-handle=7336 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi-broker --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --lang=cs --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --service-request-channel-token=08A66E732A588EC62D8F0C29F8109C3E --mojo-platform-channel-handle=8280 /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=7C36C1016CD4727BBE0E75BE6E3FC298 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=7C36C1016CD4727BBE0E75BE6E3FC298 --renderer-client-id=60 --mojo-platform-channel-handle=7260 /prefetch:1
C:\Windows\System32\Wbem\wmic.EXE path SoftwareLicensingProduct where (ID="b322da9c-a2e2-4058-9e4e-f59a6970bd69") call Activate
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1476,2261452950975278298,330006245308914420,131072 --service-pipe-token=5F2B6190169BCFD540FCBFF351A9C674 --lang=cs --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=5F2B6190169BCFD540FCBFF351A9C674 --renderer-client-id=63 --mojo-platform-channel-handle=8120 /prefetch:1
C:\Windows\System32\smartscreen.exe -Embedding
C:\Windows\system32\svchost.exe -k appmodel -p -s tiledatamodelsvc
"C:\Users\Maverick\Downloads\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-04-21 474688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-21 188992]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=C:\Program Files\Windows Defender\MSASCuiL.exe [2017-09-29 630168]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-04-21 242392]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2018-04-08 298296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Maverick\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2018-04-22 1624224]
"Zello"=C:\Program Files (x86)\Zello\Zello.exe [2018-04-04 6770320]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2018-05-24 18364648]
"cz.seznam.software.autoupdate"=C:\Users\Maverick\AppData\Roaming\Seznam.cz\szninstall.exe [2018-03-27 1069296]
"cz.seznam.software.szndesktop"=C:\Users\Maverick\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2018-03-27 109808]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-12-19 587288]
"AirBackupHelper"=C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2018-04-27 2445792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\Quoteex\Inchsolcore.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetSetupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SerCx2.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2
"EnableFullTrustStartupTasks"=2
"EnableUwpStartupTasks"=2
"SupportFullTrustStartupTasks"=1
"SupportUwpStartupTasks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-05-27 19:19:38 ----D---- C:\rsit
2018-05-27 19:19:38 ----D---- C:\Program Files\trend micro
2018-05-27 19:09:08 ----D---- C:\Users\Maverick\AppData\Roaming\Seznam.cz
2018-05-27 19:05:48 ----N---- C:\Windows\system32\trz88B.tmp
2018-05-27 19:05:44 ----D---- C:\Program Files\CCleaner
2018-05-27 18:59:45 ----D---- C:\Program Files (x86)\FastDataX
2018-05-27 18:59:17 ----D---- C:\Users\Maverick\AppData\Roaming\FastDataX
2018-05-27 18:58:51 ----D---- C:\Program Files (x86)\VfXyqasRzlGpJFtgwyR
2018-05-27 18:58:51 ----D---- C:\Program Files (x86)\SvnSzzIscGyUC
2018-05-27 18:58:51 ----D---- C:\Program Files (x86)\NExnNAYCpUUn
2018-05-27 18:58:51 ----D---- C:\Program Files (x86)\EPVqpVJyVSWU2
2018-05-27 18:58:50 ----D---- C:\Program Files (x86)\JAcqddADqIE
2018-05-27 18:58:48 ----D---- C:\Program Files (x86)\KCGHGVOnU
2018-05-27 18:58:45 ----D---- C:\Users\Maverick\AppData\Roaming\System Healer
2018-05-27 18:58:45 ----D---- C:\ProgramData\97f29a35-8705-47de-97b4-45277a5a7676
2018-05-27 18:58:45 ----D---- C:\ProgramData\5ef56cd9-83de-4b9a-9c95-e64c97565d3e
2018-05-27 18:58:45 ----D---- C:\Program Files (x86)\SystemHealer
2018-05-27 18:58:37 ----D---- C:\Users\Maverick\AppData\Roaming\Mozilla
2018-05-27 18:58:36 ----D---- C:\Program Files (x86)\ssFanny
2018-05-27 18:58:34 ----D---- C:\Users\Maverick\AppData\Roaming\SystemHealer
2018-05-27 18:58:27 ----D---- C:\ProgramData\yahoochrome_D
2018-05-27 18:58:03 ----D---- C:\Users\Maverick\AppData\Roaming\WidModule
2018-05-27 18:58:02 ----D---- C:\Program Files\My Program
2018-05-27 18:58:02 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2018-05-27 18:57:53 ----D---- C:\ProgramData\Quoteexs
2018-05-27 18:57:48 ----D---- C:\Program Files (x86)\foldershare
2018-05-27 18:57:41 ----D---- C:\ProgramData\Logic Cramble
2018-05-27 18:57:36 ----D---- C:\ProgramData\Quoteex
2018-05-27 18:57:05 ----D---- C:\Users\Maverick\AppData\Roaming\Microleaves
2018-05-27 18:56:54 ----D---- C:\Users\Maverick\AppData\Roaming\ghqjp
2018-05-27 18:55:08 ----D---- C:\Users\Maverick\AppData\Roaming\Flight1 Aviation Technologies
2018-05-27 18:55:06 ----D---- C:\Windows\F1 GTN Complete
2018-05-27 18:54:51 ----A---- C:\Windows\F1 GTN Complete Setup Log.txt
2018-05-27 17:55:33 ----D---- C:\ProgramData\Isolated Storage
2018-05-27 17:55:18 ----D---- C:\Users\Maverick\AppData\Roaming\SPAD.neXt
2018-05-27 17:55:17 ----D---- C:\Program Files\SPAD.neXt
2018-05-27 16:29:03 ----D---- C:\Windows\Flight1 King Air B200 Complete
2018-05-27 16:26:50 ----A---- C:\Windows\Flight1 King Air B200 Complete Setup Log.txt
2018-05-17 14:12:58 ----A---- C:\Windows\system32\Notifier.exe
2018-05-14 14:17:11 ----A---- C:\Windows\system32\aswBoot.exe
2018-05-04 17:26:53 ----D---- C:\ProgramData\12bPilot
2018-05-04 16:58:00 ----D---- C:\Program Files (x86)\SimBin
2018-05-03 14:28:22 ----D---- C:\Program Files\iPod
2018-05-03 14:28:12 ----D---- C:\ProgramData\Apple Computer
2018-05-03 14:28:12 ----D---- C:\Program Files\iTunes
2018-05-03 14:27:59 ----D---- C:\Program Files (x86)\Apple Software Update
2018-05-03 14:27:52 ----D---- C:\Program Files\Bonjour
2018-05-03 14:27:52 ----D---- C:\Program Files (x86)\Bonjour
2018-05-03 14:27:46 ----D---- C:\Program Files\Common Files\Apple
2018-05-03 14:25:11 ----D---- C:\ProgramData\Apple
2018-05-03 14:21:38 ----D---- C:\Users\Maverick\AppData\Roaming\iMobie
2018-05-03 14:21:38 ----D---- C:\Users\Maverick\AppData\Roaming\Apple Computer
2018-05-03 14:20:21 ----D---- C:\Program Files (x86)\iMobie
2018-05-02 21:10:59 ----HD---- C:\$AV_ASW
2018-05-02 21:09:43 ----A---- C:\Windows\KMS-R@1nHook.dll
2018-05-02 21:09:43 ----A---- C:\Windows\KMS-R@1n.exe
2018-05-02 20:20:52 ----D---- C:\Program Files\Common Files\DESIGNER
2018-05-02 20:20:48 ----D---- C:\Program Files\Microsoft.NET
2018-05-02 20:20:48 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2018-05-02 20:20:43 ----D---- C:\Program Files (x86)\Mozilla Firefox
2018-05-02 20:20:40 ----D---- C:\Windows\PCHEALTH
2018-05-02 20:20:40 ----D---- C:\Program Files\Microsoft SQL Server
2018-05-02 20:19:41 ----D---- C:\Windows\SHELLNEW
2018-05-02 20:19:37 ----D---- C:\Program Files\Microsoft Analysis Services
2018-05-02 20:19:37 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2018-05-02 20:19:34 ----D---- C:\Program Files (x86)\Microsoft Office
2018-05-02 20:19:33 ----D---- C:\ProgramData\Microsoft Help
2018-05-02 20:19:28 ----RHD---- C:\MSOCache

======List of files/folders modified in the last 1 month======

2018-05-27 19:19:38 ----RD---- C:\Program Files
2018-05-27 19:19:12 ----D---- C:\Windows\Temp
2018-05-27 19:10:38 ----D---- C:\Windows\Prefetch
2018-05-27 19:10:24 ----RD---- C:\Program Files (x86)
2018-05-27 19:09:29 ----D---- C:\Windows\Tasks
2018-05-27 19:07:57 ----D---- C:\Windows\system32\drivers
2018-05-27 19:05:48 ----D---- C:\Windows\System32
2018-05-27 19:05:46 ----D---- C:\Windows\system32\Tasks
2018-05-27 18:58:45 ----HD---- C:\ProgramData
2018-05-27 18:58:18 ----SHD---- C:\Windows\Installer
2018-05-27 18:58:18 ----SD---- C:\ProgramData\Microsoft
2018-05-27 18:58:07 ----D---- C:\Windows\SysWOW64
2018-05-27 18:58:06 ----D---- C:\Program Files (x86)\Google
2018-05-27 18:58:01 ----D---- C:\Windows\system32\GroupPolicy
2018-05-27 18:57:49 ----SD---- C:\Users\Maverick\AppData\Roaming\Microsoft
2018-05-27 18:57:44 ----D---- C:\Program Files (x86)\Common Files
2018-05-27 18:55:08 ----D---- C:\Flight One Software
2018-05-27 18:55:06 ----D---- C:\Windows
2018-05-27 18:44:00 ----D---- C:\Windows\system32\sru
2018-05-27 17:32:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-05-27 17:32:25 ----D---- C:\Users\Maverick\AppData\Roaming\uTorrent
2018-05-27 17:15:46 ----D---- C:\Users\Maverick\AppData\Roaming\Flight One Software
2018-05-27 16:32:01 ----RSD---- C:\Windows\Fonts
2018-05-27 16:27:18 ----D---- C:\ProgramData\Package Cache
2018-05-27 16:27:16 ----SHD---- C:\System Volume Information
2018-05-27 16:11:58 ----D---- C:\Windows\system32\SleepStudy
2018-05-27 13:41:14 ----D---- C:\Windows\system32\LogFiles
2018-05-27 13:41:14 ----D---- C:\ProgramData\NVIDIA
2018-05-26 09:09:14 ----D---- C:\Windows\SYSWOW64\directx
2018-05-26 09:09:10 ----D---- C:\Windows\Logs
2018-05-26 08:40:34 ----RD---- C:\Windows\Microsoft.NET
2018-05-25 18:22:54 ----D---- C:\Windows\AppReadiness
2018-05-25 08:46:41 ----D---- C:\Windows\rescache
2018-05-24 22:08:32 ----D---- C:\Windows\DeliveryOptimization
2018-05-24 21:06:37 ----D---- C:\Windows\system32\config
2018-05-24 21:06:27 ----HD---- C:\Program Files\WindowsApps
2018-05-22 21:38:10 ----D---- C:\Windows\WinSxS
2018-05-22 21:38:10 ----D---- C:\Windows\SYSWOW64\cs-CZ
2018-05-22 21:38:10 ----D---- C:\Windows\system32\cs-CZ
2018-05-22 21:38:10 ----D---- C:\Windows\CbsTemp
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpwsockx.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpnsvr.exe
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpnlobby.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpnhupnp.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpnhpast.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpnet.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpnathlp.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpnaddr.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dpmodemx.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dplayx.dll
2018-05-22 21:38:09 ----A---- C:\Windows\SYSWOW64\dplaysvr.exe
2018-05-22 21:38:09 ----A---- C:\Windows\system32\dpnsvr.exe
2018-05-22 21:38:09 ----A---- C:\Windows\system32\dpnlobby.dll
2018-05-22 21:38:09 ----A---- C:\Windows\system32\dpnhupnp.dll
2018-05-22 21:38:09 ----A---- C:\Windows\system32\dpnhpast.dll
2018-05-22 21:38:09 ----A---- C:\Windows\system32\dpnet.dll
2018-05-22 21:38:09 ----A---- C:\Windows\system32\dpnathlp.dll
2018-05-22 21:38:09 ----A---- C:\Windows\system32\dpnaddr.dll
2018-05-21 17:14:37 ----D---- C:\Windows\system32\catroot2
2018-05-21 17:14:22 ----D---- C:\Windows\system32\restore
2018-05-21 17:01:53 ----HD---- C:\$WINDOWS.~BT
2018-05-21 17:00:28 ----D---- C:\Windows\Panther
2018-05-21 16:56:07 ----D---- C:\Windows\Registration
2018-05-20 16:46:26 ----D---- C:\Users\Maverick\AppData\Roaming\vlc
2018-05-14 14:28:19 ----D---- C:\Windows\INF
2018-05-14 14:28:14 ----D---- C:\Windows\LiveKernelReports
2018-05-14 14:15:59 ----A---- C:\Windows\system32\drivers\asw43960b4159fe3687.tmp
2018-05-08 21:04:38 ----D---- C:\Windows\system32\MRT
2018-05-08 21:03:28 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-05-08 21:03:25 ----AC---- C:\Windows\system32\MRT.exe
2018-05-05 16:46:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-05-04 16:57:52 ----RSD---- C:\Windows\assembly
2018-05-03 14:36:27 ----D---- C:\Windows\system32\drivers\UMDF
2018-05-03 14:28:53 ----D---- C:\Windows\system32\CatRoot
2018-05-03 14:27:58 ----D---- C:\Windows\system32\DriverStore
2018-05-03 14:27:46 ----D---- C:\Program Files\Common Files
2018-05-02 20:20:53 ----D---- C:\Program Files\Common Files\microsoft shared
2018-05-02 20:20:48 ----D---- C:\Program Files (x86)\Microsoft.NET
2018-05-02 20:20:46 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-05-02 20:20:40 ----D---- C:\Program Files\Microsoft Office
2018-05-02 20:19:53 ----A---- C:\Windows\win.ini
2018-05-02 20:19:52 ----D---- C:\Program Files\Common Files\system
2018-05-01 23:25:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [2018-04-21 199440]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswbloga.sys [2018-04-21 343752]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [2018-04-21 57680]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2018-05-14 85968]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2018-05-14 381552]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-101; C:\Windows\system32\drivers\iorate.sys [2017-09-29 56728]
R0 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\Windows\system32\drivers\mssecflt.sys [2017-09-30 293272]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2018-05-14 196640]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [2018-04-21 227504]
R1 aswHdsKe;aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [2018-05-14 234560]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2018-05-14 111360]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2018-05-14 1027720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2018-05-14 460520]
R1 bam;@%SystemRoot%\system32\drivers\bam.sys,-100; C:\Windows\system32\drivers\bam.sys [2018-03-30 59808]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\Windows\system32\drivers\filecrypt.sys [2017-09-29 55808]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\Windows\System32\drivers\gpuenergydrv.sys [2018-03-30 8192]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2018-05-14 159120]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2018-05-14 205976]
R2 CldFlt;Windows Cloud Files Filter Driver; C:\Windows\system32\drivers\cldflt.sys [2018-02-10 385536]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\Windows\system32\drivers\mmcss.sys [2017-09-29 43520]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\Windows\system32\drivers\storqosflt.sys [2018-03-30 79872]
R3 MEIx64;@oem5.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\TeeDriverW8x64.sys [2016-01-19 202032]
R3 NVHDA;@oem8.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2018-03-16 226760]
R3 nvlddmkm;nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [2018-03-25 17544792]
R3 nvvad_WaveExtensible;@oem7.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2018-03-16 59240]
R3 nvvhci;@oem11.inf,%ServiceDesc%;NVVHCI Enumerator Service; C:\Windows\System32\drivers\nvvhci.sys [2018-03-16 58816]
R3 rt640x64;@rt640x64.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\Windows\System32\drivers\rt640x64.sys [2017-09-29 604160]
S0 bttflt;@virtdisk.inf,%service_desc%;Microsoft Hyper-V VHDPMEM BTT Filter; C:\Windows\System32\drivers\bttflt.sys [2017-09-29 37784]
S0 cht4iscsi;cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [2017-09-29 357272]
S0 LSI_SAS2i;LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [2017-09-29 123800]
S0 LSI_SAS3i;LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [2017-09-29 103320]
S0 megasas2i;megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [2017-09-29 63520]
S0 percsas2i;percsas2i; C:\Windows\System32\drivers\percsas2i.sys [2017-09-29 58776]
S0 percsas3i;percsas3i; C:\Windows\System32\drivers\percsas3i.sys [2017-09-29 61848]
S0 Ramdisk;Windows RAM Disk Driver; C:\Windows\system32\DRIVERS\ramdisk.sys [2017-09-29 39832]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\Windows\System32\drivers\scmbus.sys [2017-09-29 118168]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\Windows\System32\drivers\storufs.sys [2018-02-22 45472]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\Windows\System32\drivers\AcpiDev.sys [2017-09-29 20480]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\Windows\system32\drivers\applockerfltr.sys [2017-09-29 18432]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\Windows\system32\drivers\AppvStrm.sys [2017-09-30 126872]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\Windows\system32\drivers\AppvVemgr.sys [2017-09-30 158616]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\Windows\system32\drivers\AppvVfs.sys [2017-09-30 143768]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2018-05-14 46968]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\Windows\System32\drivers\buttonconverter.sys [2017-09-29 39424]
S3 CAD;@ChargeArbitration.inf,%CAD_DevDesc%;Charge Arbitration Driver; C:\Windows\System32\drivers\CAD.sys [2017-09-29 60312]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\Windows\System32\drivers\capimg.sys [2017-09-29 122368]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\Windows\System32\drivers\genericusbfn.sys [2017-09-29 20992]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\Windows\System32\drivers\hidinterrupt.sys [2017-09-29 50584]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\Windows\system32\drivers\hvservice.sys [2018-03-30 73120]
S3 HwNClx0101;Microsoft Hardware Notifications Class Extension Driver; C:\Windows\System32\Drivers\mshwnclx.sys [2017-09-29 27136]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\Windows\System32\drivers\cht4vx64.sys [2017-09-29 1723288]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\Windows\System32\drivers\iagpio.sys [2017-09-29 36864]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\Windows\System32\drivers\iai2c.sys [2017-09-29 91648]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [2017-09-29 79360]
S3 iaLPSS2i_GPIO2_BXT_P;@iaLPSS2i_GPIO2_BXT_P.inf,%iaLPSS2i_GPIO2_BXT_P.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-09-29 88576]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [2017-09-29 171520]
S3 iaLPSS2i_I2C_BXT_P;@iaLPSS2i_I2C_BXT_P.inf,%iaLPSS2i_I2C_BXT_P.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\Windows\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-09-29 174592]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\Windows\System32\drivers\ibbus.sys [2017-09-29 526232]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\Windows\System32\drivers\IndirectKmd.sys [2017-09-29 39424]
S3 invdimm;@invdimm.inf,%invdimm.SvcDesc%;Microsoft iNVDIMM device driver; C:\Windows\System32\drivers\invdimm.sys [2017-09-29 38912]
S3 IPT;IPT; C:\Windows\System32\drivers\ipt.sys [2017-09-29 26112]
S3 irda;IrDA; C:\Windows\system32\drivers\irda.sys [2018-03-30 119808]
S3 mausbhost;@mausbhost.inf,%MAUSBHost.ServiceName%;MA-USB Host Controller Driver; C:\Windows\System32\drivers\mausbhost.sys [2017-09-29 505240]
S3 mausbip;@mausbhost.inf,%MAUSBIP.ServiceName%;MA-USB IP Filter Driver; C:\Windows\System32\drivers\mausbip.sys [2017-09-29 55840]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\Windows\System32\drivers\mlx4_bus.sys [2017-09-29 842648]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\Windows\System32\drivers\ndfltr.sys [2017-09-29 108952]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\Windows\system32\drivers\NetAdapterCx.sys [2017-09-29 132608]
S3 nvdimmn;@nvdimmn.inf,%nvdimmn.SvcDesc%;Microsoft NVDIMM-N device driver; C:\Windows\System32\drivers\nvdimmn.sys [2017-09-29 88576]
S3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2018-03-16 31168]
S3 pmem;@pmem.inf,%pmem.SvcDesc%;Microsoft persistent memory disk driver; C:\Windows\System32\drivers\pmem.sys [2017-09-29 100352]
S3 PNPMEM;@memory.inf,%PNPMEM.SvcDesc%;Microsoft Memory Module Driver; C:\Windows\System32\drivers\pnpmem.sys [2017-09-29 16896]
S3 ReFSv1;ReFSv1; C:\Windows\system32\drivers\ReFSv1.sys [2017-09-29 936856]
S3 rhproxy;@rhproxy.inf,%rhproxy.SVCDESC%;Resource Hub proxy driver; C:\Windows\System32\drivers\rhproxy.sys [2017-09-29 103936]
S3 SDFRd;@SDFRd.inf,%SDFRd.ServiceDesc%;SDF Reflector; C:\Windows\System32\drivers\SDFRd.sys [2017-09-29 33176]
S3 smbdirect;smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [2017-09-30 151552]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter; C:\Windows\System32\drivers\SpatialGraphFilter.sys [2017-09-30 56216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2018-03-29 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-04-21 313640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2015-08-12 462096]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R2 CDPUserSvc_198aa5be;Uživatelská služba platformy připojených zařízení_198aa5be; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R2 DusmSvc;@%SystemRoot%\System32\dusmsvc.dll,-1; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R2 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2018-04-22 1606152]
R2 KMS-R@1n;KMS-R@1n; C:\Windows\KMS-R@1n.exe [2018-05-02 26112]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-16 522688]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2018-03-24 464272]
R2 NvTelemetryContainer;NVIDIA Telemetry Container; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [2018-03-16 469952]
R2 OneSyncSvc_198aa5be;Hostitel synchronizace_198aa5be; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R2 SecurityHealthService;@%systemroot%\system32\SecurityHealthAgent.dll,-1002; C:\Windows\system32\SecurityHealthService.exe [2018-03-01 519152]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-04-21 7603408]
R3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2018-04-08 673592]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R3 PimIndexMaintenanceSvc_198aa5be;Data kontaktů_198aa5be; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\Windows\System32\svchost.exe [2017-09-29 48688]
R3 SEMgrSvc;@%SystemRoot%\System32\SEMgrSvc.dll,-1001; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\Windows\system32\svchost.exe [2017-09-29 48688]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S2 gupdate;Služba Aktualizace Google (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 AssignedAccessManagerSvc;@%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 camsvc;@%SystemRoot%\system32\CapabilityAccessManager.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc;@%SystemRoot%\system32\DevicesFlowBroker.dll,-103; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 DevicesFlowUserSvc_198aa5be;Tok zařízení_198aa5be; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-09-29 85504]
S3 diagsvc;@%systemroot%\system32\DiagSvc.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2017-09-28 43648]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 GraphicsPerfSvc;@%SystemRoot%\system32\GraphicsPerfSvc.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 gupdatem;Služba Aktualizace Google (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 InstallService;@%SystemRoot%\system32\InstallService.dll,-200; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 IpxlatCfgSvc;@%Systemroot%\system32\ipxlatcfg.dll,-500; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 MessagingService_198aa5be;Služba zasílání zpráv_198aa5be; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 NaturalAuthentication;@%systemroot%\system32\NaturalAuth.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-03-16 522688]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc;@%SystemRoot%\system32\PrintWorkflowService.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PrintWorkflowUserSvc_198aa5be;PrintWorkflow_198aa5be; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 PushToInstall;@%SystemRoot%\system32\pushtoinstall.dll,-200; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\Windows\System32\svchost.exe [2017-09-29 48688]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2017-12-14 4329952]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\Windows\System32\SensorDataService.exe [2017-09-29 1288704]
S3 SharedRealitySvc;@%SystemRoot%\system32\SharedRealitySvc.dll,-100; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\Windows\system32\svchost.exe [2017-09-29 48688]
S3 spectrum;@%systemroot%\system32\spectrum.exe,-101; C:\Windows\system32\spectrum.exe [2018-03-30 956416]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\Windows\system32\AppVClient.exe [2018-03-30 819104]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\Windows\System32\svchost.exe [2017-09-29 48688]

-----------------EOF-----------------

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Dobrý večer, díky za rychlou reakci. Log je zde:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-22.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-27-2018
# Duration: 00:00:02
# OS: Windows 10 Pro
# Cleaned: 51
# Failed: 0

***** [ Services ] *****

Deleted Quoteex
Deleted saiyitechnology
Deleted backlh

***** [ Folders ] *****

Deleted C:\ProgramData\Quoteexs
Deleted C:\ProgramData\Logic Cramble
Deleted C:\Users\Maverick\AppData\Roaming\Microleaves
Deleted C:\Program Files (x86)\FastDataX
Deleted C:\Users\Maverick\AppData\Roaming\FastDataX
Deleted C:\Users\Maverick\AppData\Local\AdvinstAnalytics
Deleted C:\ProgramData\yahoochrome_D
Deleted C:\ProgramData\Quoteex
Deleted C:\Windows\Temp\Smartbar
Deleted C:\ProgramData\97f29a35-8705-47de-97b4-45277a5a7676
Deleted C:\ProgramData\5ef56cd9-83de-4b9a-9c95-e64c97565d3e
Deleted C:\Program Files (x86)\SystemHealer
Deleted C:\Users\Maverick\AppData\Roaming\SystemHealer
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
Deleted C:\Users\Maverick\AppData\Roaming\System Healer
Deleted C:\Users\Maverick\AppData\Roaming\WidModule

***** [ Files ] *****

Deleted C:\Users\Maverick\Desktop\Driver Updater.lnk
Deleted C:\Users\Maverick\appdata\local\installationconfiguration.xml
Deleted C:\Users\Maverick\AppData\Local\Main.dat
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
Deleted C:\Users\Public\Desktop\Google Chrome.lnk
Deleted C:\Users\Maverick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Deleted C:\Users\Maverick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Deleted HKCU\Software\mtQuoteex
Deleted HKLM\Software\Wow6432Node\mtQuoteex
Deleted HKLM\Software\Wow6432Node\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs - "C:\ProgramData\Quoteex\Inchsolcore.dll"
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Classes\CLSID\{C0D38E5A-7CF8-4105-8FE8-31B81443A114}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FastDataX_is1
Deleted HKCU\Software\FastDataX
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|pcspeedup
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKLM\Software\Wow6432Node\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\E3605470-291B-44EB-8648-745EE356599A
Deleted HKCU\Environment|SNP
Deleted HKCU\Environment|SNF
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer_is1
Deleted HKCU\Software\System Healer
Deleted HKCU\Software\WidModule

***** [ Chromium (and derivatives) ] *****

Deleted Bazz Search SafeFinder

***** [ Chromium URLs ] *****

Deleted WebSearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

OK. Teď dejte log FRST: https://forum.viry.cz/viewtopic.php?f=13&t=152707 .

Log z FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Maverick (administrator) on DESKTOP-JC793OT (27-05-2018 20:45:43)
Running from C:\Users\Maverick\Desktop
Loaded Profiles: Maverick (Available Profiles: Maverick)
Platform: Windows 10 Pro Version 1709 16299.371 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\KMS-R@1n.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Zello Inc) C:\Program Files (x86)\Zello\Zello.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21755.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21755.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21755.0_x64__8wekyb3d8bbwe\HxAccounts.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(forum.viry.cz) C:\Users\Maverick\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-14] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2445792 2018-04-27] (iMobie Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\Run: [Zello] => C:\Program Files (x86)\Zello\Zello.exe [6770320 2018-04-04] (Zello Inc)
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\RunOnce: [Uninstall 18.065.0329.0002\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Maverick\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64"
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\RunOnce: [Uninstall 18.065.0329.0002] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Maverick\AppData\Local\Microsoft\OneDrive\18.065.0329.0002"
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\RunOnce: [SeznamInstall-uninstall:59befb012d114fa4ccebd2663fe14232] => C:\Users\Maverick\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2018-05-27] () <==== ATTENTION
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\MountPoints2: {030f01b0-5c33-11e8-a99b-d050995a358e} - "P:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\MountPoints2: {a6b1b87c-456d-11e8-a994-d050995a358e} - "P:\WD SmartWare.exe" autoplay=true
GroupPolicy: Restriction - Windows Defender <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{cdeef081-2125-40f8-8108-5f80424e8c9a}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtjQkIst6qNMzGAMfeaH0yZuod5Ift9wsVePVRRJcj9_ic7cWcEV6YpABRt1vJeW6L1VcpOXzkPEkfwu34q1-r7T4gRlGDftDIg8XslmXIHflrWHmEZhPFtxu9BfKw3EubqGfRVoGzxJjjmA4ucajnLU4k,&q={searchTerms}
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoTG1nEZQLY5WtjQkIst6qNMzGAMfeaH0yZuod5Ift9wsVePVRRJcj9_ic7cWcEV6YpABRt1vJeW6L59F36l08Hii7udeGZzrIQg2tnYzrHZa2RZLm_RmUHQBsofYlIIjSfS1HFIlCWFk0aNmGd4wszbHgmY_hlXlDZTck,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1423555803-3506691326-3758177448-1001 -> DefaultScope {ielnksrch} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-04-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-21] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default [2018-05-27]
CHR Extension: (Prezentace) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-21]
CHR Extension: (Dokumenty) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-21]
CHR Extension: (Disk Google) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-21]
CHR Extension: (YouTube) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-21]
CHR Extension: (Avast SafePrice) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-05-18]
CHR Extension: (Tabulky) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-21]
CHR Extension: (Avast Online Security) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-21]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odcmcehfddfnnnbaifjhkikddagchieg [2018-05-27]
CHR Extension: (Gmail) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR Extension: (System Table) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-05-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-14] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-14] (AVAST Software)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-05-02] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-16] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-14] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-14] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-04-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-04-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-04-21] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-14] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-14] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-14] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-14] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-14] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-14] (AVAST Software)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2018-03-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58816 2018-03-16] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-27 20:45 - 2018-05-27 20:45 - 000019017 _____ C:\Users\Maverick\Desktop\FRST.txt
2018-05-27 20:44 - 2018-05-27 20:44 - 000029696 _____ C:\Users\Maverick\AppData\Local\MSGBOX.EXE
2018-05-27 20:44 - 2018-05-27 20:44 - 000015327 _____ C:\Users\Maverick\Desktop\LM.bat
2018-05-27 20:43 - 2018-05-27 20:43 - 000112640 _____ (forum.viry.cz) C:\Users\Maverick\Desktop\FRSTLauncher.exe
2018-05-27 20:42 - 2018-05-27 20:45 - 000000000 ____D C:\FRST
2018-05-27 20:42 - 2018-05-27 20:42 - 002413056 _____ (Farbar) C:\Users\Maverick\Desktop\FRST64.exe
2018-05-27 20:41 - 2018-05-27 20:42 - 002413056 _____ (Farbar) C:\Users\Maverick\Downloads\FRST64.exe
2018-05-27 20:05 - 2018-05-27 20:05 - 007271632 _____ (Malwarebytes) C:\Users\Maverick\Downloads\Nepotvrzeno 879682.crdownload
2018-05-27 20:05 - 2018-05-27 20:05 - 000000270 __RSH C:\Users\Maverick\ntuser.pol
2018-05-27 20:02 - 2018-05-27 20:04 - 000000000 ____D C:\AdwCleaner
2018-05-27 20:02 - 2018-05-27 20:02 - 007271632 _____ (Malwarebytes) C:\Users\Maverick\Downloads\adwcleaner_7.1.1.exe
2018-05-27 19:19 - 2018-05-27 19:19 - 000000000 ____D C:\rsit
2018-05-27 19:19 - 2018-05-27 19:19 - 000000000 ____D C:\Program Files\trend micro
2018-05-27 19:18 - 2018-05-27 19:19 - 001222144 _____ C:\Users\Maverick\Downloads\RSITx64.exe
2018-05-27 19:09 - 2018-05-27 20:10 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Seznam.cz
2018-05-27 19:05 - 2018-05-27 19:05 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-27 19:05 - 2018-05-27 19:05 - 000002876 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-05-27 19:05 - 2018-05-27 19:05 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-05-27 19:05 - 2018-05-27 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-27 19:05 - 2018-05-27 19:05 - 000000000 ____D C:\Program Files\CCleaner
2018-05-27 19:05 - 2018-03-24 14:51 - 002990080 ____N C:\Windows\system32\trz88B.tmp
2018-05-27 19:04 - 2018-05-27 19:05 - 015838840 _____ (Piriform Ltd) C:\Users\Maverick\Downloads\ccsetup543 (1).exe
2018-05-27 18:58 - 2018-05-27 19:07 - 000000000 ____D C:\Program Files (x86)\VfXyqasRzlGpJFtgwyR
2018-05-27 18:58 - 2018-05-27 19:07 - 000000000 ____D C:\Program Files (x86)\SvnSzzIscGyUC
2018-05-27 18:58 - 2018-05-27 19:07 - 000000000 ____D C:\Program Files (x86)\ssFanny
2018-05-27 18:58 - 2018-05-27 19:07 - 000000000 ____D C:\Program Files (x86)\KCGHGVOnU
2018-05-27 18:58 - 2018-05-27 19:07 - 000000000 ____D C:\Program Files (x86)\JAcqddADqIE
2018-05-27 18:58 - 2018-05-27 19:07 - 000000000 ____D C:\Program Files (x86)\EPVqpVJyVSWU2
2018-05-27 18:58 - 2018-05-27 18:58 - 000003662 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-05-27 18:58 - 2018-05-27 18:58 - 000002488 __RSH C:\ProgramData\ntuser.pol
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Mozilla
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files\My Program
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files (x86)\NExnNAYCpUUn
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2018-05-27 18:57 - 2018-05-27 19:10 - 000000000 ____D C:\Program Files (x86)\foldershare
2018-05-27 18:57 - 2018-05-27 18:57 - 007611392 _____ C:\Users\Maverick\AppData\Local\agent.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 002136576 _____ (TODO: <Company name>) C:\Users\Maverick\AppData\Local\Vianix.exe
2018-05-27 18:57 - 2018-05-27 18:57 - 002136576 _____ (TODO: <Company name>) C:\Users\Maverick\AppData\Local\Cofdex.exe
2018-05-27 18:57 - 2018-05-27 18:57 - 001987678 _____ C:\Users\Maverick\AppData\Local\Cofdex.tst
2018-05-27 18:57 - 2018-05-27 18:57 - 001895382 _____ C:\Users\Maverick\AppData\Local\Bionamit.bin
2018-05-27 18:57 - 2018-05-27 18:57 - 000929792 _____ C:\Users\Maverick\AppData\Local\sham.db
2018-05-27 18:57 - 2018-05-27 18:57 - 000278510 _____ C:\Users\Maverick\AppData\Local\Vianix.tst
2018-05-27 18:57 - 2018-05-27 18:57 - 000140800 _____ C:\Users\Maverick\AppData\Local\installer.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 000126464 _____ C:\Users\Maverick\AppData\Local\noah.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 000070896 _____ C:\Users\Maverick\AppData\Local\Config.xml
2018-05-27 18:57 - 2018-05-27 18:57 - 000005568 _____ C:\Users\Maverick\AppData\Local\md.xml
2018-05-27 18:57 - 2018-05-27 18:57 - 000001106 _____ C:\Users\Maverick\Desktop\foldershare.lnk
2018-05-27 18:57 - 2018-05-27 18:57 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-05-27 18:56 - 2018-05-27 20:05 - 000001220 _____ C:\Users\Maverick\Desktop\Crossout - MMO action game.lnk
2018-05-27 18:56 - 2018-05-27 20:05 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\ghqjp
2018-05-27 18:56 - 2018-05-27 18:56 - 000001026 _____ C:\Users\Public\Desktop\Turbine Duke V2 P3D2 Config.lnk
2018-05-27 18:56 - 2018-05-27 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealAir Simulations
2018-05-27 18:55 - 2018-05-27 18:55 - 000001309 _____ C:\Users\Maverick\Desktop\Creating Flight Plan and User Waypoint Files for the Flight1 GTN.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000001158 _____ C:\Users\Maverick\Desktop\Creating Checklists for the Flight1 GTN.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000001093 _____ C:\Users\Maverick\Desktop\GTN_Setup_and_Users_Guide.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000001045 _____ C:\Users\Maverick\Desktop\f1update_tool_readme.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000001009 _____ C:\Users\Maverick\Desktop\F1TGTNConfigP3D .lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000000997 _____ C:\Users\Maverick\Desktop\F1UpdateTool.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ____D C:\Windows\F1 GTN Complete
2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Flight1 Aviation Technologies
2018-05-27 18:54 - 2018-05-27 18:55 - 000015589 _____ C:\Windows\F1 GTN Complete Setup Log.txt
2018-05-27 18:54 - 2018-05-27 18:54 - 000002048 _____ C:\Windows\f1gtncp.lic
2018-05-27 17:55 - 2018-05-27 17:56 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\SPAD.neXt
2018-05-27 17:55 - 2018-05-27 17:56 - 000000000 ____D C:\ProgramData\Isolated Storage
2018-05-27 17:55 - 2018-05-27 17:55 - 000000947 _____ C:\Users\Public\Desktop\SPAD.neXt Getting Started.lnk
2018-05-27 17:55 - 2018-05-27 17:55 - 000000867 _____ C:\Users\Public\Desktop\SPAD.neXt.lnk
2018-05-27 17:55 - 2018-05-27 17:55 - 000000000 ____D C:\Users\Maverick\Documents\SPAD.neXt
2018-05-27 17:55 - 2018-05-27 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPAD.neXt
2018-05-27 17:55 - 2018-05-27 17:55 - 000000000 ____D C:\Program Files\SPAD.neXt
2018-05-27 17:33 - 2018-05-27 17:33 - 000000000 ____D C:\Users\Maverick\Documents\Flight Simulator Files
2018-05-27 17:32 - 2018-05-27 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
2018-05-27 17:15 - 2018-05-27 18:41 - 008127663 _____ C:\Users\Maverick\Documents\F1KingAirLog.txt
2018-05-27 16:32 - 2018-05-27 18:55 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software
2018-05-27 16:32 - 2018-05-27 16:32 - 000001531 _____ C:\Users\Maverick\Desktop\Flight1KingAir Android MFD Controller.lnk
2018-05-27 16:29 - 2018-05-27 16:29 - 000000000 ____D C:\Windows\Flight1 King Air B200 Complete
2018-05-27 16:26 - 2018-05-27 16:32 - 001728321 _____ C:\Windows\Flight1 King Air B200 Complete Setup Log.txt
2018-05-27 16:15 - 2018-05-27 16:15 - 004860008 _____ C:\Users\Maverick\Desktop\John_Eastwood_Oxford_Practice_Grammar_With_answers__1999.pdf
2018-05-26 09:09 - 2018-05-26 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\QualityWings
2018-05-26 09:09 - 2018-05-26 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QualityWings
2018-05-21 16:55 - 2018-05-21 16:55 - 000001908 _____ C:\Windows\diagwrn.xml
2018-05-21 16:55 - 2018-05-21 16:55 - 000001908 _____ C:\Windows\diagerr.xml
2018-05-17 14:12 - 2018-05-04 11:37 - 000278448 _____ (Microsoft Corporation) C:\Windows\system32\Notifier.exe
2018-05-14 16:35 - 2018-05-14 16:35 - 001718842 _____ C:\Users\Maverick\Desktop\ZS_SKA2016007_web.pdf
2018-05-14 16:31 - 2018-05-14 16:31 - 003126897 _____ C:\Users\Maverick\Desktop\ZS_SKA2016009_web.pdf
2018-05-14 14:17 - 2018-05-14 14:17 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-08 22:14 - 2018-05-08 22:14 - 000073135 _____ C:\Users\Maverick\Desktop\vstupenky Praha - Noc na Karlštejně -5222933.pdf
2018-05-08 22:08 - 2018-05-08 22:08 - 000073174 _____ C:\Users\Maverick\Desktop\vstupenky- Praha - Legenda jménem Holmes 5222928.pdf
2018-05-06 19:51 - 2018-05-06 19:51 - 000000000 ____D C:\Users\Maverick\Documents\AnyTrans for iOS-Export-20180506(1)
2018-05-06 19:49 - 2018-05-06 19:49 - 000000000 ____D C:\Users\Maverick\Documents\AnyTrans for iOS-Export-20180506
2018-05-06 19:05 - 2018-05-06 19:05 - 000000000 ____D C:\Users\Maverick\AppData\Local\Extra Software
2018-05-06 19:04 - 2018-05-06 19:04 - 000001312 _____ C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux Player.lnk
2018-05-06 19:04 - 2018-05-06 19:04 - 000000000 ____D C:\Users\Maverick\AppData\Local\Flux Player
2018-05-04 17:26 - 2018-05-04 17:26 - 000000000 ____D C:\ProgramData\12bPilot
2018-05-04 16:58 - 2018-05-04 16:58 - 000000643 _____ C:\Users\Maverick\Desktop\Volvo - The Game.lnk
2018-05-04 16:58 - 2018-05-04 16:58 - 000000000 ____D C:\Users\Maverick\Documents\SimBin
2018-05-04 16:58 - 2018-05-04 16:58 - 000000000 ____D C:\Program Files (x86)\SimBin
2018-05-03 14:41 - 2018-05-03 14:42 - 000000000 ____D C:\Users\Maverick\Documents\AnyTrans for iOS-Export-20180503
2018-05-03 14:41 - 2018-05-03 14:41 - 000000000 ____D C:\Users\Maverick\Documents\Temp
2018-05-03 14:36 - 2018-05-03 14:36 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-05-03 14:36 - 2018-05-03 14:36 - 000000000 ____D C:\Users\Maverick\AppData\Local\Apple Computer
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\Users\Maverick\AppData\Local\Apple
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\ProgramData\Apple Computer
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\Program Files\iTunes
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\Program Files\iPod
2018-05-03 14:27 - 2018-05-03 14:27 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-05-03 14:27 - 2018-05-03 14:27 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-05-03 14:27 - 2018-05-03 14:27 - 000000000 ____D C:\Program Files\Bonjour
2018-05-03 14:27 - 2018-05-03 14:27 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-05-03 14:27 - 2018-05-03 14:27 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-05-03 14:25 - 2018-05-03 14:27 - 000000000 ____D C:\ProgramData\Apple
2018-05-03 14:21 - 2018-05-03 14:43 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Apple Computer
2018-05-03 14:21 - 2018-05-03 14:31 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\iMobie
2018-05-03 14:21 - 2018-05-03 14:31 - 000000000 ____D C:\Users\Maverick\AppData\Local\iMobie_Inc
2018-05-03 14:20 - 2018-05-03 16:35 - 000113923 _____ C:\Users\Maverick\Desktop\Zápisník_Hanyk.xlsx
2018-05-03 14:20 - 2018-05-03 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2018-05-03 14:20 - 2018-05-03 14:20 - 000000000 ____D C:\Program Files (x86)\iMobie
2018-05-02 22:18 - 2018-05-27 20:32 - 000005260 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-JC793OT-Maverick DESKTOP-JC793OT
2018-05-02 21:10 - 2018-05-02 21:10 - 000000000 ___HD C:\$AV_ASW
2018-05-02 21:10 - 2018-05-02 21:10 - 000000000 ____D C:\Windows\System32\Tasks\R@1n-KMS
2018-05-02 21:10 - 2018-05-02 21:10 - 000000000 ____D C:\Users\Maverick\AppData\Local\mpress
2018-05-02 21:09 - 2018-05-02 21:09 - 000026112 _____ C:\Windows\KMS-R@1n.exe
2018-05-02 21:09 - 2018-05-02 21:09 - 000004096 _____ C:\Windows\KMS-R@1nHook.dll
2018-05-02 20:21 - 2018-05-02 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Windows\PCHEALTH
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-05-02 20:19 - 2018-05-27 18:57 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2018-05-02 20:19 - 2018-05-02 20:20 - 000000000 ____D C:\Windows\SHELLNEW
2018-05-02 20:19 - 2018-05-02 20:19 - 000000000 __RHD C:\MSOCache
2018-05-02 20:19 - 2018-05-02 20:19 - 000000000 ____D C:\Users\Maverick\AppData\Local\Microsoft Help
2018-05-02 20:19 - 2018-05-02 20:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-02 20:19 - 2018-05-02 20:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-05-02 15:22 - 2018-05-27 19:00 - 000007624 _____ C:\Users\Maverick\AppData\Local\Resmon.ResmonCfg
2018-04-30 10:05 - 2018-04-30 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Majestic Software
2018-04-30 08:49 - 2018-04-30 09:46 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Majestic Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-27 20:32 - 2018-04-21 15:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-05-27 20:11 - 2018-04-21 15:42 - 002073476 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-27 20:11 - 2017-09-30 16:30 - 000902710 _____ C:\Windows\system32\perfh005.dat
2018-05-27 20:11 - 2017-09-30 16:30 - 000197004 _____ C:\Windows\system32\perfc005.dat
2018-05-27 20:06 - 2018-04-21 15:42 - 000003384 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1423555803-3506691326-3758177448-1001
2018-05-27 20:06 - 2018-04-21 15:41 - 000002400 _____ C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-27 20:06 - 2018-04-21 15:41 - 000000000 ___RD C:\Users\Maverick\OneDrive
2018-05-27 20:05 - 2018-04-21 15:52 - 000000000 ____D C:\Users\Maverick\AppData\Local\Zello
2018-05-27 20:05 - 2018-04-21 15:42 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-27 20:05 - 2018-04-21 15:39 - 000000000 ____D C:\Users\Maverick
2018-05-27 20:05 - 2018-04-21 15:34 - 000409664 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-27 20:05 - 2018-04-21 15:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-27 20:04 - 2018-04-21 15:51 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-27 20:04 - 2018-04-21 15:51 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-27 20:04 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-05-27 18:59 - 2018-04-21 15:54 - 000000000 ____D C:\Users\Maverick\AppData\Local\CrashDumps
2018-05-27 18:58 - 2018-04-21 15:51 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-27 18:58 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\GroupPolicy
2018-05-27 18:55 - 2018-04-22 11:11 - 000000000 ____D C:\Flight One Software
2018-05-27 17:51 - 2018-04-21 15:49 - 000000000 ____D C:\Users\Maverick\Desktop\Programy
2018-05-27 17:32 - 2018-04-21 19:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-27 17:32 - 2018-04-21 15:54 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\uTorrent
2018-05-27 17:15 - 2018-04-21 19:16 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Flight One Software
2018-05-27 16:27 - 2018-04-21 15:45 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-26 09:09 - 2018-04-22 11:17 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-05-25 18:22 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness
2018-05-25 08:46 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\rescache
2018-05-24 22:08 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-05-24 21:06 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-22 21:38 - 2017-09-29 15:41 - 000464896 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000389120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2018-05-22 21:38 - 2017-09-29 15:41 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2018-05-22 21:38 - 2017-09-29 15:41 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2018-05-22 21:38 - 2017-09-29 15:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2018-05-22 21:38 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp
2018-05-22 14:50 - 2018-04-21 15:39 - 000000000 ____D C:\Users\Maverick\AppData\Local\Packages
2018-05-21 17:01 - 2018-04-12 18:55 - 000000000 ___HD C:\$WINDOWS.~BT
2018-05-21 17:00 - 2018-04-21 16:33 - 000000000 ____D C:\Windows\Panther
2018-05-21 17:00 - 2017-09-29 10:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-05-21 16:56 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Registration
2018-05-21 15:06 - 2018-04-21 16:01 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-05-21 15:06 - 2018-04-21 15:51 - 000003400 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-21 15:06 - 2018-04-21 15:51 - 000003176 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-21 15:06 - 2018-04-21 15:47 - 000003398 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000003176 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000003140 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002984 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002956 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002914 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002838 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002744 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-20 16:46 - 2018-04-22 17:30 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\vlc
2018-05-14 14:28 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-05-14 14:28 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2018-05-14 14:17 - 2018-04-21 16:01 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000003990 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-08 21:04 - 2018-04-21 16:35 - 000000000 ____D C:\Windows\system32\MRT
2018-05-08 21:03 - 2018-04-21 16:35 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-08 21:03 - 2018-04-21 16:35 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-07 21:40 - 2018-04-21 15:49 - 000000000 ____D C:\Users\Maverick\AppData\Local\NVIDIA
2018-05-04 17:43 - 2018-04-21 16:48 - 000000000 ____D C:\Users\Maverick\Documents\Prepar3D v4 Add-ons
2018-05-03 17:57 - 2018-04-21 19:44 - 000000000 ____D C:\Users\Maverick\AppData\Local\Orbx
2018-05-03 12:43 - 2018-04-21 16:48 - 000000000 ____D C:\Users\Maverick\Documents\Prepar3D v4 Files
2018-05-02 20:20 - 2018-04-22 11:17 - 000000000 ____D C:\Program Files\Microsoft Office
2018-05-02 20:20 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-02 20:20 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-02 20:19 - 2017-09-29 15:46 - 000000167 _____ C:\Windows\win.ini
2018-05-02 20:19 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-05-01 23:25 - 2017-09-29 15:49 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-01 23:25 - 2017-09-29 15:49 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-05-27 18:57 - 2018-05-27 18:57 - 007611392 _____ () C:\Users\Maverick\AppData\Local\agent.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 001895382 _____ () C:\Users\Maverick\AppData\Local\Bionamit.bin
2018-05-27 18:57 - 2018-05-27 18:57 - 002136576 _____ (TODO: <Company name>) C:\Users\Maverick\AppData\Local\Cofdex.exe
2018-05-27 18:57 - 2018-05-27 18:57 - 001987678 _____ () C:\Users\Maverick\AppData\Local\Cofdex.tst
2018-05-27 18:57 - 2018-05-27 18:57 - 000070896 _____ () C:\Users\Maverick\AppData\Local\Config.xml
2018-05-27 18:57 - 2018-05-27 18:57 - 000140800 _____ () C:\Users\Maverick\AppData\Local\installer.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 000005568 _____ () C:\Users\Maverick\AppData\Local\md.xml
2018-05-27 20:44 - 2018-05-27 20:44 - 000029696 _____ () C:\Users\Maverick\AppData\Local\MSGBOX.EXE
2018-05-27 18:57 - 2018-05-27 18:57 - 000126464 _____ () C:\Users\Maverick\AppData\Local\noah.dat
2018-05-02 15:22 - 2018-05-27 19:00 - 000007624 _____ () C:\Users\Maverick\AppData\Local\Resmon.ResmonCfg
2018-05-27 18:57 - 2018-05-27 18:57 - 000929792 _____ () C:\Users\Maverick\AppData\Local\sham.db
2018-05-27 18:57 - 2018-05-27 18:57 - 000032038 _____ () C:\Users\Maverick\AppData\Local\uninstall_temp.ico
2018-05-27 18:57 - 2018-05-27 18:57 - 002136576 _____ (TODO: <Company name>) C:\Users\Maverick\AppData\Local\Vianix.exe
2018-05-27 18:57 - 2018-05-27 18:57 - 000278510 _____ () C:\Users\Maverick\AppData\Local\Vianix.tst

Files to move or delete:
====================
C:\Users\Maverick\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

Some files in TEMP:
====================
2018-05-27 18:58 - 2018-05-27 18:58 - 001537832 _____ (BANANA SUMMER LIMITED) C:\Users\Maverick\AppData\Local\Temp\1527440306tmp.exe
2018-05-27 18:58 - 2018-05-27 18:58 - 000375522 _____ ( ) C:\Users\Maverick\AppData\Local\Temp\gi0mtgd2soy.exe
2018-05-26 09:09 - 2018-05-26 09:09 - 015301888 _____ (Microsoft Corporation) C:\Users\Maverick\AppData\Local\Temp\tmp807B.tmp.exe
2018-05-27 20:10 - 2018-05-27 20:10 - 000534528 _____ () C:\Users\Maverick\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-25 08:46

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
C:\Program Files\Bonjour
C:\Windows\KMS-R@1n.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\RunOnce: [SeznamInstall-uninstall:59befb012d114fa4ccebd2663fe14232] => C:\Users\Maverick\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2018-05-27] () <==== ATTENTION
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\MountPoints2: {030f01b0-5c33-11e8-a99b-d050995a358e} - "P:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\MountPoints2: {a6b1b87c-456d-11e8-a994-d050995a358e} - "P:\WD SmartWare.exe" autoplay=true
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... jnLU4k,&q={searchTerms}
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... _hlXlDZTck,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1423555803-3506691326-3758177448-1001 -> DefaultScope {ielnksrch} URL =
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-05-02] () [File not signed]
C:\Program Files (x86)\VfXyqasRzlGpJFtgwyR
C:\Program Files (x86)\SvnSzzIscGyUC
C:\Program Files (x86)\ssFanny
C:\Program Files (x86)\KCGHGVOnU
C:\Program Files (x86)\JAcqddADqIE
C:\Program Files (x86)\EPVqpVJyVSWU2
C:\Windows\System32\Tasks\R@1n-KMS
C:\Windows\KMS-R@1n.exe
C:\Windows\KMS-R@1nHook.dll
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Maverick\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Maverick\AppData\Local\Temp

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Po provedení se nezobrazil log, ale výzva k restartu. Teď teda nevím, co budete chtít dál, takže dávám fixlog.txt a hned potom nový log frst.txt,

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Maverick (27-05-2018 21:13:34) Run:1
Running from C:\Users\Maverick\Desktop
Loaded Profiles: Maverick (Available Profiles: Maverick)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
C:\Program Files\Bonjour
C:\Windows\KMS-R@1n.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\RunOnce: [SeznamInstall-uninstall:59befb012d114fa4ccebd2663fe14232] => C:\Users\Maverick\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe [534528 2018-05-27] () <==== ATTENTION
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\MountPoints2: {030f01b0-5c33-11e8-a99b-d050995a358e} - "P:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\MountPoints2: {a6b1b87c-456d-11e8-a994-d050995a358e} - "P:\WD SmartWare.exe" autoplay=true
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%7 ... jnLU4k,&q={searchTerms}
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72 ... _hlXlDZTck,
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1423555803-3506691326-3758177448-1001 -> DefaultScope {ielnksrch} URL =
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2018-05-02] () [File not signed]
C:\Program Files (x86)\VfXyqasRzlGpJFtgwyR
C:\Program Files (x86)\SvnSzzIscGyUC
C:\Program Files (x86)\ssFanny
C:\Program Files (x86)\KCGHGVOnU
C:\Program Files (x86)\JAcqddADqIE
C:\Program Files (x86)\EPVqpVJyVSWU2
C:\Windows\System32\Tasks\R@1n-KMS
C:\Windows\KMS-R@1n.exe
C:\Windows\KMS-R@1nHook.dll
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
C:\Users\Maverick\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Maverick\AppData\Local\Temp

EmptyTemp:
End
*****************

Processes closed successfully.
C:\Program Files\Bonjour => moved successfully
C:\Windows\KMS-R@1n.exe => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
"HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SeznamInstall-uninstall:59befb012d114fa4ccebd2663fe14232" => removed successfully
"HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{030f01b0-5c33-11e8-a99b-d050995a358e}" => removed successfully
HKLM\Software\Classes\CLSID\{030f01b0-5c33-11e8-a99b-d050995a358e} => not found
"HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b1b87c-456d-11e8-a994-d050995a358e}" => removed successfully
HKLM\Software\Classes\CLSID\{a6b1b87c-456d-11e8-a994-d050995a358e} => not found
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\System\CurrentControlSet\Services\KMS-R@1n" => removed successfully
KMS-R@1n => service removed successfully
C:\Program Files (x86)\VfXyqasRzlGpJFtgwyR => moved successfully
C:\Program Files (x86)\SvnSzzIscGyUC => moved successfully
C:\Program Files (x86)\ssFanny => moved successfully
C:\Program Files (x86)\KCGHGVOnU => moved successfully
C:\Program Files (x86)\JAcqddADqIE => moved successfully
C:\Program Files (x86)\EPVqpVJyVSWU2 => moved successfully
C:\Windows\System32\Tasks\R@1n-KMS => moved successfully
"C:\Windows\KMS-R@1n.exe" => not found
C:\Windows\KMS-R@1nHook.dll => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\Maverick\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => moved successfully
C:\Users\Maverick\AppData\Local\Temp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60842670 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4161574 B
Edge => 1805030 B
Chrome => 759450208 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 14746 B
NetworkService => 1414 B
Maverick => 1074262 B

RecycleBin => 13709918 B
EmptyTemp: => 809.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:13:55 ====

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Maverick (administrator) on DESKTOP-JC793OT (27-05-2018 21:20:15)
Running from C:\Users\Maverick\Desktop
Loaded Profiles: Maverick (Available Profiles: Maverick)
Platform: Windows 10 Pro Version 1709 16299.371 (X64) Language: Čeština (Česko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Zello Inc) C:\Program Files (x86)\Zello\Zello.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Maverick\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.428_none_1704c21831ffb4a8\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-14] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-04-08] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [AirBackupHelper] => C:\Program Files (x86)\iMobie\AnyTrans\AirBackupHelper.exe [2445792 2018-04-27] (iMobie Inc.)
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\Run: [Zello] => C:\Program Files (x86)\Zello\Zello.exe [6770320 2018-04-04] (Zello Inc)
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18364648 2018-05-24] (Piriform Ltd)
HKU\S-1-5-21-1423555803-3506691326-3758177448-1001\...\MountPoints2: {a6b1b87c-456d-11e8-a994-d050995a358e} - "P:\WD SmartWare.exe" autoplay=true

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll => No File
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{cdeef081-2125-40f8-8108-5f80424e8c9a}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-04-21] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-04-21] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)

Chrome:
=======
CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default [2018-05-27]
CHR Extension: (Prezentace) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-21]
CHR Extension: (Dokumenty) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-21]
CHR Extension: (Disk Google) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-04-21]
CHR Extension: (YouTube) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-04-21]
CHR Extension: (Avast SafePrice) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-05-18]
CHR Extension: (Tabulky) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-04-21]
CHR Extension: (Avast Online Security) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-04-21]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-21]
CHR Extension: (Adblocker pro Youtube™) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\odcmcehfddfnnnbaifjhkikddagchieg [2018-05-27]
CHR Extension: (Gmail) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-04-21]
CHR Extension: (Chrome Media Router) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR Extension: (System Table) - C:\Users\Maverick\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-05-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-03-29] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-14] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-14] (AVAST Software)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-16] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-03-16] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-12-14] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [196640 2018-05-14] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [227504 2018-04-21] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [199440 2018-04-21] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343752 2018-04-21] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57680 2018-04-21] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [234560 2018-05-14] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46968 2018-05-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159120 2018-05-14] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111360 2018-05-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-05-14] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027720 2018-05-14] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [460520 2018-05-14] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [205976 2018-05-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381552 2018-05-14] (AVAST Software)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-03-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2018-03-16] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58816 2018-03-16] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-27 21:20 - 2018-05-27 21:20 - 000016139 _____ C:\Users\Maverick\Desktop\FRST.txt
2018-05-27 21:13 - 2018-05-27 21:13 - 000005668 _____ C:\Users\Maverick\Desktop\Fixlog.txt
2018-05-27 20:43 - 2018-05-27 20:43 - 000112640 _____ (forum.viry.cz) C:\Users\Maverick\Desktop\FRSTLauncher.exe
2018-05-27 20:42 - 2018-05-27 21:20 - 000000000 ____D C:\FRST
2018-05-27 20:42 - 2018-05-27 20:42 - 002413056 _____ (Farbar) C:\Users\Maverick\Desktop\FRST64.exe
2018-05-27 20:41 - 2018-05-27 20:42 - 002413056 _____ (Farbar) C:\Users\Maverick\Downloads\FRST64.exe
2018-05-27 20:05 - 2018-05-27 21:15 - 000000008 __RSH C:\Users\Maverick\ntuser.pol
2018-05-27 20:05 - 2018-05-27 20:05 - 007271632 _____ (Malwarebytes) C:\Users\Maverick\Downloads\Nepotvrzeno 879682.crdownload
2018-05-27 20:02 - 2018-05-27 20:04 - 000000000 ____D C:\AdwCleaner
2018-05-27 20:02 - 2018-05-27 20:02 - 007271632 _____ (Malwarebytes) C:\Users\Maverick\Downloads\adwcleaner_7.1.1.exe
2018-05-27 19:19 - 2018-05-27 19:19 - 000000000 ____D C:\rsit
2018-05-27 19:19 - 2018-05-27 19:19 - 000000000 ____D C:\Program Files\trend micro
2018-05-27 19:18 - 2018-05-27 19:19 - 001222144 _____ C:\Users\Maverick\Downloads\RSITx64.exe
2018-05-27 19:09 - 2018-05-27 20:10 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Seznam.cz
2018-05-27 19:05 - 2018-05-27 19:05 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-05-27 19:05 - 2018-05-27 19:05 - 000002876 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-05-27 19:05 - 2018-05-27 19:05 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-05-27 19:05 - 2018-05-27 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-27 19:05 - 2018-05-27 19:05 - 000000000 ____D C:\Program Files\CCleaner
2018-05-27 19:05 - 2018-03-24 14:51 - 002990080 ____N C:\Windows\system32\trz88B.tmp
2018-05-27 19:04 - 2018-05-27 19:05 - 015838840 _____ (Piriform Ltd) C:\Users\Maverick\Downloads\ccsetup543 (1).exe
2018-05-27 18:58 - 2018-05-27 21:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
2018-05-27 18:58 - 2018-05-27 18:58 - 000003662 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Mozilla
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files\My Program
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files (x86)\NExnNAYCpUUn
2018-05-27 18:58 - 2018-05-27 18:58 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2018-05-27 18:57 - 2018-05-27 19:10 - 000000000 ____D C:\Program Files (x86)\foldershare
2018-05-27 18:57 - 2018-05-27 18:57 - 007611392 _____ C:\Users\Maverick\AppData\Local\agent.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 002136576 _____ (TODO: <Company name>) C:\Users\Maverick\AppData\Local\Vianix.exe
2018-05-27 18:57 - 2018-05-27 18:57 - 002136576 _____ (TODO: <Company name>) C:\Users\Maverick\AppData\Local\Cofdex.exe
2018-05-27 18:57 - 2018-05-27 18:57 - 001987678 _____ C:\Users\Maverick\AppData\Local\Cofdex.tst
2018-05-27 18:57 - 2018-05-27 18:57 - 001895382 _____ C:\Users\Maverick\AppData\Local\Bionamit.bin
2018-05-27 18:57 - 2018-05-27 18:57 - 000929792 _____ C:\Users\Maverick\AppData\Local\sham.db
2018-05-27 18:57 - 2018-05-27 18:57 - 000278510 _____ C:\Users\Maverick\AppData\Local\Vianix.tst
2018-05-27 18:57 - 2018-05-27 18:57 - 000140800 _____ C:\Users\Maverick\AppData\Local\installer.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 000126464 _____ C:\Users\Maverick\AppData\Local\noah.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 000070896 _____ C:\Users\Maverick\AppData\Local\Config.xml
2018-05-27 18:57 - 2018-05-27 18:57 - 000005568 _____ C:\Users\Maverick\AppData\Local\md.xml
2018-05-27 18:57 - 2018-05-27 18:57 - 000001106 _____ C:\Users\Maverick\Desktop\foldershare.lnk
2018-05-27 18:57 - 2018-05-27 18:57 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-05-27 18:56 - 2018-05-27 20:05 - 000001220 _____ C:\Users\Maverick\Desktop\Crossout - MMO action game.lnk
2018-05-27 18:56 - 2018-05-27 20:05 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\ghqjp
2018-05-27 18:56 - 2018-05-27 18:56 - 000001026 _____ C:\Users\Public\Desktop\Turbine Duke V2 P3D2 Config.lnk
2018-05-27 18:56 - 2018-05-27 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealAir Simulations
2018-05-27 18:55 - 2018-05-27 21:08 - 2390065886 _____ C:\Users\Maverick\Downloads\GTN_GDU620PCTrainer_6211.zip
2018-05-27 18:55 - 2018-05-27 18:55 - 000001309 _____ C:\Users\Maverick\Desktop\Creating Flight Plan and User Waypoint Files for the Flight1 GTN.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000001158 _____ C:\Users\Maverick\Desktop\Creating Checklists for the Flight1 GTN.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000001093 _____ C:\Users\Maverick\Desktop\GTN_Setup_and_Users_Guide.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000001045 _____ C:\Users\Maverick\Desktop\f1update_tool_readme.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000001009 _____ C:\Users\Maverick\Desktop\F1TGTNConfigP3D .lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000000997 _____ C:\Users\Maverick\Desktop\F1UpdateTool.lnk
2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ____D C:\Windows\F1 GTN Complete
2018-05-27 18:55 - 2018-05-27 18:55 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Flight1 Aviation Technologies
2018-05-27 18:54 - 2018-05-27 18:55 - 000015589 _____ C:\Windows\F1 GTN Complete Setup Log.txt
2018-05-27 18:54 - 2018-05-27 18:54 - 000002048 _____ C:\Windows\f1gtncp.lic
2018-05-27 17:55 - 2018-05-27 17:56 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\SPAD.neXt
2018-05-27 17:55 - 2018-05-27 17:56 - 000000000 ____D C:\ProgramData\Isolated Storage
2018-05-27 17:55 - 2018-05-27 17:55 - 000000947 _____ C:\Users\Public\Desktop\SPAD.neXt Getting Started.lnk
2018-05-27 17:55 - 2018-05-27 17:55 - 000000867 _____ C:\Users\Public\Desktop\SPAD.neXt.lnk
2018-05-27 17:55 - 2018-05-27 17:55 - 000000000 ____D C:\Users\Maverick\Documents\SPAD.neXt
2018-05-27 17:55 - 2018-05-27 17:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPAD.neXt
2018-05-27 17:55 - 2018-05-27 17:55 - 000000000 ____D C:\Program Files\SPAD.neXt
2018-05-27 17:33 - 2018-05-27 17:33 - 000000000 ____D C:\Users\Maverick\Documents\Flight Simulator Files
2018-05-27 17:32 - 2018-05-27 17:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight
2018-05-27 17:15 - 2018-05-27 18:41 - 008127663 _____ C:\Users\Maverick\Documents\F1KingAirLog.txt
2018-05-27 16:32 - 2018-05-27 18:55 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software
2018-05-27 16:32 - 2018-05-27 16:32 - 000001531 _____ C:\Users\Maverick\Desktop\Flight1KingAir Android MFD Controller.lnk
2018-05-27 16:29 - 2018-05-27 16:29 - 000000000 ____D C:\Windows\Flight1 King Air B200 Complete
2018-05-27 16:26 - 2018-05-27 16:32 - 001728321 _____ C:\Windows\Flight1 King Air B200 Complete Setup Log.txt
2018-05-27 16:15 - 2018-05-27 16:15 - 004860008 _____ C:\Users\Maverick\Desktop\John_Eastwood_Oxford_Practice_Grammar_With_answers__1999.pdf
2018-05-26 09:09 - 2018-05-26 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\QualityWings
2018-05-26 09:09 - 2018-05-26 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QualityWings
2018-05-21 16:55 - 2018-05-21 16:55 - 000001908 _____ C:\Windows\diagwrn.xml
2018-05-21 16:55 - 2018-05-21 16:55 - 000001908 _____ C:\Windows\diagerr.xml
2018-05-17 14:12 - 2018-05-04 11:37 - 000278448 _____ (Microsoft Corporation) C:\Windows\system32\Notifier.exe
2018-05-14 16:35 - 2018-05-14 16:35 - 001718842 _____ C:\Users\Maverick\Desktop\ZS_SKA2016007_web.pdf
2018-05-14 16:31 - 2018-05-14 16:31 - 003126897 _____ C:\Users\Maverick\Desktop\ZS_SKA2016009_web.pdf
2018-05-14 14:17 - 2018-05-14 14:17 - 000376536 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2018-05-08 22:14 - 2018-05-08 22:14 - 000073135 _____ C:\Users\Maverick\Desktop\vstupenky Praha - Noc na Karlštejně -5222933.pdf
2018-05-08 22:08 - 2018-05-08 22:08 - 000073174 _____ C:\Users\Maverick\Desktop\vstupenky- Praha - Legenda jménem Holmes 5222928.pdf
2018-05-06 19:51 - 2018-05-06 19:51 - 000000000 ____D C:\Users\Maverick\Documents\AnyTrans for iOS-Export-20180506(1)
2018-05-06 19:49 - 2018-05-06 19:49 - 000000000 ____D C:\Users\Maverick\Documents\AnyTrans for iOS-Export-20180506
2018-05-06 19:05 - 2018-05-06 19:05 - 000000000 ____D C:\Users\Maverick\AppData\Local\Extra Software
2018-05-06 19:04 - 2018-05-06 19:04 - 000001312 _____ C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux Player.lnk
2018-05-06 19:04 - 2018-05-06 19:04 - 000000000 ____D C:\Users\Maverick\AppData\Local\Flux Player
2018-05-04 17:26 - 2018-05-04 17:26 - 000000000 ____D C:\ProgramData\12bPilot
2018-05-04 16:58 - 2018-05-04 16:58 - 000000643 _____ C:\Users\Maverick\Desktop\Volvo - The Game.lnk
2018-05-04 16:58 - 2018-05-04 16:58 - 000000000 ____D C:\Users\Maverick\Documents\SimBin
2018-05-04 16:58 - 2018-05-04 16:58 - 000000000 ____D C:\Program Files (x86)\SimBin
2018-05-03 14:41 - 2018-05-03 14:42 - 000000000 ____D C:\Users\Maverick\Documents\AnyTrans for iOS-Export-20180503
2018-05-03 14:41 - 2018-05-03 14:41 - 000000000 ____D C:\Users\Maverick\Documents\Temp
2018-05-03 14:36 - 2018-05-03 14:36 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-05-03 14:36 - 2018-05-03 14:36 - 000000000 ____D C:\Users\Maverick\AppData\Local\Apple Computer
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\Windows\System32\Tasks\Apple
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\Users\Maverick\AppData\Local\Apple
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\ProgramData\Apple Computer
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\Program Files\iTunes
2018-05-03 14:28 - 2018-05-03 14:28 - 000000000 ____D C:\Program Files\iPod
2018-05-03 14:27 - 2018-05-03 14:27 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-05-03 14:27 - 2018-05-03 14:27 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-05-03 14:27 - 2018-05-03 14:27 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-05-03 14:27 - 2018-05-03 14:27 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-05-03 14:25 - 2018-05-03 14:27 - 000000000 ____D C:\ProgramData\Apple
2018-05-03 14:21 - 2018-05-03 14:43 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Apple Computer
2018-05-03 14:21 - 2018-05-03 14:31 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\iMobie
2018-05-03 14:21 - 2018-05-03 14:31 - 000000000 ____D C:\Users\Maverick\AppData\Local\iMobie_Inc
2018-05-03 14:20 - 2018-05-03 16:35 - 000113923 _____ C:\Users\Maverick\Desktop\Zápisník_Hanyk.xlsx
2018-05-03 14:20 - 2018-05-03 14:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2018-05-03 14:20 - 2018-05-03 14:20 - 000000000 ____D C:\Program Files (x86)\iMobie
2018-05-02 22:18 - 2018-05-27 20:32 - 000005260 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-JC793OT-Maverick DESKTOP-JC793OT
2018-05-02 21:10 - 2018-05-02 21:10 - 000000000 ___HD C:\$AV_ASW
2018-05-02 21:10 - 2018-05-02 21:10 - 000000000 ____D C:\Users\Maverick\AppData\Local\mpress
2018-05-02 20:21 - 2018-05-02 20:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Windows\PCHEALTH
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-02 20:20 - 2018-05-02 20:20 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2018-05-02 20:19 - 2018-05-27 18:57 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2018-05-02 20:19 - 2018-05-02 20:20 - 000000000 ____D C:\Windows\SHELLNEW
2018-05-02 20:19 - 2018-05-02 20:19 - 000000000 __RHD C:\MSOCache
2018-05-02 20:19 - 2018-05-02 20:19 - 000000000 ____D C:\Users\Maverick\AppData\Local\Microsoft Help
2018-05-02 20:19 - 2018-05-02 20:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-05-02 20:19 - 2018-05-02 20:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2018-05-02 15:22 - 2018-05-27 20:50 - 000007624 _____ C:\Users\Maverick\AppData\Local\Resmon.ResmonCfg
2018-04-30 10:05 - 2018-04-30 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Majestic Software
2018-04-30 08:49 - 2018-04-30 09:46 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Majestic Software

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-27 21:15 - 2018-04-21 15:52 - 000000000 ____D C:\Users\Maverick\AppData\Local\Zello
2018-05-27 21:15 - 2018-04-21 15:42 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-27 21:15 - 2018-04-21 15:39 - 000000000 ____D C:\Users\Maverick
2018-05-27 21:14 - 2018-04-21 15:34 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-27 21:14 - 2017-09-29 10:45 - 000524288 _____ C:\Windows\system32\config\BBI
2018-05-27 21:13 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\system32\GroupPolicy
2018-05-27 21:06 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-05-27 20:32 - 2018-04-21 15:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-05-27 20:11 - 2018-04-21 15:42 - 002073476 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-27 20:11 - 2017-09-30 16:30 - 000902710 _____ C:\Windows\system32\perfh005.dat
2018-05-27 20:11 - 2017-09-30 16:30 - 000197004 _____ C:\Windows\system32\perfc005.dat
2018-05-27 20:06 - 2018-04-21 15:42 - 000003384 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1423555803-3506691326-3758177448-1001
2018-05-27 20:06 - 2018-04-21 15:41 - 000002400 _____ C:\Users\Maverick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-27 20:06 - 2018-04-21 15:41 - 000000000 ___RD C:\Users\Maverick\OneDrive
2018-05-27 20:05 - 2018-04-21 15:34 - 000409664 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-27 20:04 - 2018-04-21 15:51 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-27 20:04 - 2018-04-21 15:51 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-05-27 18:59 - 2018-04-21 15:54 - 000000000 ____D C:\Users\Maverick\AppData\Local\CrashDumps
2018-05-27 18:58 - 2018-04-21 15:51 - 000000000 ____D C:\Program Files (x86)\Google
2018-05-27 18:55 - 2018-04-22 11:11 - 000000000 ____D C:\Flight One Software
2018-05-27 17:51 - 2018-04-21 15:49 - 000000000 ____D C:\Users\Maverick\Desktop\Programy
2018-05-27 17:32 - 2018-04-21 19:00 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-27 17:32 - 2018-04-21 15:54 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\uTorrent
2018-05-27 17:15 - 2018-04-21 19:16 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\Flight One Software
2018-05-27 16:27 - 2018-04-21 15:45 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-26 09:09 - 2018-04-22 11:17 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-05-25 18:22 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\AppReadiness
2018-05-25 08:46 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\rescache
2018-05-24 21:06 - 2017-09-29 15:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-22 21:38 - 2017-09-29 15:41 - 000464896 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000389120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000067584 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000026624 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2018-05-22 21:38 - 2017-09-29 15:41 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2018-05-22 21:38 - 2017-09-29 15:41 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2018-05-22 21:38 - 2017-09-29 15:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000010240 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnlobby.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\dpnaddr.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnlobby.dll
2018-05-22 21:38 - 2017-09-29 15:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnaddr.dll
2018-05-22 21:38 - 2017-09-29 15:37 - 000000000 ____D C:\Windows\CbsTemp
2018-05-22 14:50 - 2018-04-21 15:39 - 000000000 ____D C:\Users\Maverick\AppData\Local\Packages
2018-05-21 17:01 - 2018-04-12 18:55 - 000000000 ___HD C:\$WINDOWS.~BT
2018-05-21 17:00 - 2018-04-21 16:33 - 000000000 ____D C:\Windows\Panther
2018-05-21 17:00 - 2017-09-29 10:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-05-21 16:56 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\Registration
2018-05-21 15:06 - 2018-04-21 16:01 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-05-21 15:06 - 2018-04-21 15:47 - 000003398 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000003176 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000003140 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002984 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002956 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002914 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002838 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 15:06 - 2018-04-21 15:47 - 000002744 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-20 16:46 - 2018-04-22 17:30 - 000000000 ____D C:\Users\Maverick\AppData\Roaming\vlc
2018-05-14 14:28 - 2017-09-29 15:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-05-14 14:28 - 2017-09-29 15:44 - 000000000 ____D C:\Windows\INF
2018-05-14 14:17 - 2018-04-21 16:01 - 001027720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000460520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000381552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000234560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000205976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000196640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000159120 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000111360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000085968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000046968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2018-05-14 14:17 - 2018-04-21 16:01 - 000003990 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-05-08 21:04 - 2018-04-21 16:35 - 000000000 ____D C:\Windows\system32\MRT
2018-05-08 21:03 - 2018-04-21 16:35 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-08 21:03 - 2018-04-21 16:35 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-07 21:40 - 2018-04-21 15:49 - 000000000 ____D C:\Users\Maverick\AppData\Local\NVIDIA
2018-05-04 17:43 - 2018-04-21 16:48 - 000000000 ____D C:\Users\Maverick\Documents\Prepar3D v4 Add-ons
2018-05-03 17:57 - 2018-04-21 19:44 - 000000000 ____D C:\Users\Maverick\AppData\Local\Orbx
2018-05-03 12:43 - 2018-04-21 16:48 - 000000000 ____D C:\Users\Maverick\Documents\Prepar3D v4 Files
2018-05-02 20:20 - 2018-04-22 11:17 - 000000000 ____D C:\Program Files\Microsoft Office
2018-05-02 20:20 - 2017-09-29 15:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-02 20:20 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-02 20:19 - 2017-09-29 15:46 - 000000167 _____ C:\Windows\win.ini
2018-05-02 20:19 - 2017-09-29 15:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-05-01 23:25 - 2017-09-29 15:49 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-01 23:25 - 2017-09-29 15:49 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-05-27 18:57 - 2018-05-27 18:57 - 007611392 _____ () C:\Users\Maverick\AppData\Local\agent.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 001895382 _____ () C:\Users\Maverick\AppData\Local\Bionamit.bin
2018-05-27 18:57 - 2018-05-27 18:57 - 002136576 _____ (TODO: <Company name>) C:\Users\Maverick\AppData\Local\Cofdex.exe
2018-05-27 18:57 - 2018-05-27 18:57 - 001987678 _____ () C:\Users\Maverick\AppData\Local\Cofdex.tst
2018-05-27 18:57 - 2018-05-27 18:57 - 000070896 _____ () C:\Users\Maverick\AppData\Local\Config.xml
2018-05-27 18:57 - 2018-05-27 18:57 - 000140800 _____ () C:\Users\Maverick\AppData\Local\installer.dat
2018-05-27 18:57 - 2018-05-27 18:57 - 000005568 _____ () C:\Users\Maverick\AppData\Local\md.xml
2018-05-27 18:57 - 2018-05-27 18:57 - 000126464 _____ () C:\Users\Maverick\AppData\Local\noah.dat
2018-05-02 15:22 - 2018-05-27 20:50 - 000007624 _____ () C:\Users\Maverick\AppData\Local\Resmon.ResmonCfg
2018-05-27 18:57 - 2018-05-27 18:57 - 000929792 _____ () C:\Users\Maverick\AppData\Local\sham.db
2018-05-27 18:57 - 2018-05-27 18:57 - 000032038 _____ () C:\Users\Maverick\AppData\Local\uninstall_temp.ico
2018-05-27 18:57 - 2018-05-27 18:57 - 002136576 _____ (TODO: <Company name>) C:\Users\Maverick\AppData\Local\Vianix.exe
2018-05-27 18:57 - 2018-05-27 18:57 - 000278510 _____ () C:\Users\Maverick\AppData\Local\Vianix.tst

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-25 08:46

==================== End of FRST.txt ============================

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:100.71 GB) (Free:29.22 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:146.48 GB) (Free:41.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (SIMULATORS) (Fixed) (Total:365.05 GB) (Free:100.04 GB) NTFS
Drive f: (Místní disk) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive g: () (Fixed) (Total:19.53 GB) (Free:14.61 GB) NTFS
Drive h: (Nový svazek) (Fixed) (Total:299.74 GB) (Free:18.84 GB) NTFS
Drive i: (OS) (Fixed) (Total:922.35 GB) (Free:11.81 GB) NTFS
Drive j: (SAMSUNG SSD) (CDROM) (Total:0.05 GB) (Free:0 GB) UDF
Drive k: (HP_RECOVERY) (Fixed) (Total:9.06 GB) (Free:1.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive p: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
Drive q: (My Passport) (Fixed) (Total:465.11 GB) (Free:4.95 GB) NTFS
Drive s: (Elements) (Fixed) (Total:698.6 GB) (Free:371.77 GB) NTFS

Available physical RAM: 13810 MB
Total physical RAM: 16326.49 MB
Percentage of memory in use: 15%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 6D303660)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=299.7 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 04AE9035)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=922.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.1 GB) - (Type=07 NTFS)
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 6E700442)
Partition 1: (Active) - (Size=100.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=365.1 GB) - (Type=07 NTFS)
Disk: 3 (Size: 698.6 GB) (Disk ID: 16F2A91F)
Disk: 8 (MBR Code: Windows XP) (Size: 465.1 GB) (Disk ID: 00021968)
Partition 1: (Not Active) - (Size=465.1 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Maverick\Desktop" je 41 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

==================== End Of Log ==============================

OK. Nastala nějaká změna?

V procesech mi už nic podezřelého nepřijde. Vytížení procesoru je taky ok. Rychlý test avastu nic neodhalil.

Jen teda prohlížeč Chrome má v sobě pořád ty reklamy, které tam dřív nebyly. Např. v seznamu hned pod vyhledávací lištou.

Zkusíme prohlížeče vyčistit. Spusťte postupně tyto utility:

1. Stahnete Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.

a

2. Junkware removal tool: http://www.stahuj.centrum.cz/utility_a_ ... oval-tool/
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.

Nevím jestli nejsem netrpělivý, ale ZOEK mi stojí už 20 minut na --- Checking Input 16:10:56,42 .

Je to normální?

On se někdy sám neukončí, pokud se nehne 30 a víc minut, zrušte a spusťte JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by Maverick (Administrator) on 28.05.2018 at 17:13:13,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 6

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\PCSUUCDRV (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.05.2018 at 17:16:08,65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reklamy ve stránkách se zobrazují stále

Reklamy zmizely?

VIRY.CZ

Nechtěně nainstalovaný malware/trojan,prosím o kontrolu logu

Nechtěně nainstalovaný malware/trojan,prosím o kontrolu logu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu

Re: Nechtěně nainstalovaný malware/trojan,prosím o kontrolu