PC virus removal, computer speed-up, remote help via the neslape.cz service

Program keeps turning off Avast - probably a virus

Having a problem with a virus? Post your FRST or RSIT log here.

Nevim
Visitor
Posts: 26
Registered: 03 Mar 2015 21:21

#1 Post by Nevim »

Hello, for about five days now some program has been turning off the shields in my Avast antivirus. Please check the log.

Logfile of random's system information tool 1.14 (written by random/random)
Run by Rhomb at 2016-12-04 20:29:22
Microsoft Windows 10 Home
System drive C: has 117 GB (31%) free of 381 GB
Total RAM: 8081 MB (59% free)
X64

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:29:39, on 04.12.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Rhomb\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Rhomb\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWoW64\ctfmon.exe
C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Rhomb_RSITx64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus15.msn.com/?pc=ASTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus15.msn.com/?pc=ASTE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
O4 - HKLM\..\Run: [ROGNB] "C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [20161125] "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Program Files\AVAST Software\Avast\2dbc929c-46ea-47b3-8032-93ce96088f55\90e3af39-1297-4b7a-b57a-88ceeb3c63ed.dll",_stage2@16
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Rhomb\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Rhomb\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Rhomb\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7A67BE89282E863334EE319AFB67A835] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
O23 - Service: AsusGameFirstService - ASUSTeK - C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
O23 - Service: Asus GiftBox Desktop (ASUSGiftBoxDekstop) - ASUS - C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Conexant Audio Message Service (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: DriverMFTService - ASUSTek Computer Inc. - C:\Program Files (x86)\Asus\PixelMaster Video HDR\DriverMFTService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem64.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: WPS Office Update Service (Kingsoft_WPS_UpdateService) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Wireless Controller Service - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 14435 bytes

======Enumerating Processes======

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
"C:\WINDOWS\system32\nvvsvc.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Windows\system32\CxAudMsg64.exe
"C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
C:\WINDOWS\system32\ibtsiva.exe
"C:\Program Files (x86)\Asus\PixelMaster Video HDR\DriverMFTService.exe"
"C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe"
"C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe"
"C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Windows\system32\SAsrv.exe"
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem"
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe"
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe"
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\system32\WLANExt.exe 1284565357552
\??\C:\WINDOWS\system32\conhost.exe 0x4
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
C:\WINDOWS\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe" -f "C:\ProgramData\NVIDIA\NvContainerUser%d.log" -d "C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User" -l 3 -c
"C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService"
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
C:\Windows\System32\RuntimeBroker.exe -Embedding
C:\WINDOWS\system32\igfxTray.exe
"C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
C:\Program Files\NVIDIA Corporation\nvstreamsrv\NvStreamUserAgent.exe
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\SettingSyncHost.exe -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe" index.js
\??\C:\WINDOWS\system32\conhost.exe 0x4
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe"
"C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe"
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Users\Rhomb\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe" -Embedding
"C:\Users\Rhomb\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
"C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe"
"C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 "--database=C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=54.0.2840.99 --handshake-handle=0x248
"C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Ena
bled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_13/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,16,20,34,51,60 --gpu-vendor-id=0x8086 --gpu-device-id=0x0416 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.15.4256 --gpu-driver-date=7-17-2015 --gpu-secondary-vendor-ids=0x10de --gpu-secondary-device-ids=0x139a --mojo-application-channel-token=240D49B45EEF68C133EE207628A7915C --mojo-platform-channel-handle=1516 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/
Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_13/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=1C4B2C762BF0A8467062734FF3F0F67E --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=1C4B2C762BF0A8467062734FF3F0F67E --channel="11380.1.834872639\1057600051" --mojo-platform-channel-handle=2544 /prefetch:1
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe" --type=renderer --disable-gpu-compositing --no-sandbox --enable-begin-frame-scheduling --primordial-pipe-token=28BAF8BCB1E67659B3670185308636C7 --lang=en-US --lang=en-US --log-file="C:\Users\Rhomb\AppData\Local\NVIDIA Corporation\NVIDIA Share\CefCache\debug.log" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="7468.0.1371993610\820257142" --mojo-platform-channel-handle=1480 /prefetch:1
"C:\Program Files\Conexant\SAII\SmartAudio.exe" /c
"C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe" "-cachedir=C:\Users\Rhomb\AppData\Local\Steam\htmlcache" "-steampid=6368" "-buildid=1476379980" "-steamid=0" --disable-gpu-compositing --disable-gpu --process-per-tab --enable-system-flash --disable-spell-checking --enable-widevine-cdm --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\WINDOWS\System32\fontdrvhost.exe
"C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe"
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\InstallAgent.exe -Embedding
C:\Windows\System32\InstallAgentUserBroker.exe -Embedding
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe" -critical
"C:\WINDOWS\system32\rundll32.exe" -localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617
C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSPanel.exe
C:\WINDOWS\system32\DllHost.exe /Processid:{49F6E667-6658-4BD1-9DE9-6AF87F9FAF85}
C:\WINDOWS\system32\ApplicationFrameHost.exe -Embedding
"C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features="*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PreconnectMore<PreconnectMore,SecurityWarningIconUpdate<SecurityWarningIconUpdate,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,PointerEvent<PointerEvent,SSLPostQuantumExperiment<SSLPostQuantum,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/*AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Default/*EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/*GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/*PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledJuly/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUI
Warning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/*SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Enabled/SignInPasswordPromo/Default/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/*TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_62/*UMA-Uniformity-Trial-10-Percent/group_03/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_03/*UMA-Uniformity-Trial-5-Percent/group_13/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=8A5212671BC8218EF61613FABA8BC9CF --lang=cs --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=8A5212671BC8218EF61613FABA8BC9CF --channel="11380.268.1840016575\1551333284" --mojo-platform-channel-handle=8184 /prefetch:1
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\SysWoW64\ctfmon.exe
"C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe" /OEMTA silent
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe421_ Global\UsGthrCtrlFltPipeMssGthrPipe421 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 648 652 660 8192 656
C:\Windows\System32\smartscreen.exe -Embedding
C:\WINDOWS\system32\AUDIODG.EXE 0x740
"C:\Users\Rhomb\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\WpsNotifyTask_Administrator.job - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe -from=task
C:\WINDOWS\tasks\WpsNotifyTask_Rhomb.job - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe -from=task
C:\WINDOWS\tasks\WpsUpdateTask_Administrator.job - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe -from=task
C:\WINDOWS\tasks\WpsUpdateTask_Rhomb.job - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe -from=task
C:\WINDOWS\system32\tasks\ASUS Live Update1 - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -critical
C:\WINDOWS\system32\tasks\ASUS Live Update2 - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe -check
C:\WINDOWS\system32\tasks\ASUS Smart Gesture Launcher - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
C:\WINDOWS\system32\tasks\ASUS Splendid ACMON - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\WINDOWS\system32\tasks\ASUS USB Charger Plus - "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe"
C:\WINDOWS\system32\tasks\ATK Package 36D18D69AFC3 - "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe" -CancelShutdown
C:\WINDOWS\system32\tasks\ATK Package A22126881260 - "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe"
C:\WINDOWS\system32\tasks\avast! Emergency Update - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\system32\tasks\avast! Windows 10 Start Menu helper - c:\program files\avast software\avast\asww10mon.exe
C:\WINDOWS\system32\tasks\DropboxOEM - "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" auto
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\system32\tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
C:\WINDOWS\system32\tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
C:\WINDOWS\system32\tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
C:\WINDOWS\system32\tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
C:\WINDOWS\system32\tasks\OneDrive Standalone Update Task - C:\Users\Rhomb\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
C:\WINDOWS\system32\tasks\SafeZone scheduled Autoupdate 1475426644 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\WINDOWS\system32\tasks\Update Checker - C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
C:\WINDOWS\system32\tasks\User_Feed_Synchronization-{125C4E54-A266-4431-A02F-BC141CD40728} - C:\WINDOWS\system32\msfeedssync.exe sync
C:\WINDOWS\system32\tasks\WpsNotifyTask_Administrator - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe -from=task
C:\WINDOWS\system32\tasks\WpsNotifyTask_Rhomb - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsnotify.exe -from=task
C:\WINDOWS\system32\tasks\WpsUpdateTask_Administrator - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe -from=task
C:\WINDOWS\system32\tasks\WpsUpdateTask_Rhomb - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdate.exe -from=task
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTask - %windir%\System32\XblGameSaveTask.exe standby
C:\WINDOWS\system32\tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon - %windir%\System32\XblGameSaveTask.exe logon
C:\WINDOWS\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\WINDOWS\system32\sc.exe start wuauserv
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\WINDOWS\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -upload
C:\WINDOWS\system32\tasks\Microsoft\Windows\WCM\WiFiTask - %SystemRoot%\System32\WiFiTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval - C:\Windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install - %systemroot%\system32\usoclient.exe StartInstall
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Reboot - %systemroot%\system32\MusNotification.exe RebootDialog
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings - %systemroot%\system32\usoclient.exe RefreshSettings
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot - %systemroot%\system32\usoclient.exe ResumeUpdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan - %systemroot%\system32\usoclient.exe StartScan
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display - C:\windows\system32\MusNotification.exe Display
C:\WINDOWS\system32\tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot - C:\windows\system32\MusNotification.exe ReadyToReboot
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\WINDOWS\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\WINDOWS\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization - %windir%\system32\defrag.exe -c -h -g -# -m 8 -i 13500
C:\WINDOWS\system32\tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask - %windir%\system32\speech_onecore\common\SpeechModelDownload.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\spaceman.exe /Work
C:\WINDOWS\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\SharedPC\Account Cleanup - %windir%\System32\rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\WINDOWS\system32\MRT.exe /EHB /Q
C:\WINDOWS\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\WINDOWS\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\WINDOWS\system32\tasks\Microsoft\Windows\NlaSvc\WiFiTask - %SystemRoot%\System32\WiFiTask.exe nla
C:\WINDOWS\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\WINDOWS\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Management\Provisioning\Logon - %windir%\system32\ProvTool.exe /turn 5
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotificationWindows.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClient - %windir%\system32\dmclient.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload - %windir%\system32\dmclient.exe utcwnf
C:\WINDOWS\system32\tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask - %windir%\system32\MDMAgent.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DUSM\dusmtask - %SystemRoot%\System32\dusmtask.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskFootprint\Diagnostics - %windir%\system32\disksnapshot.exe -z
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\WINDOWS\system32\tasks\Microsoft\Windows\Device Information\Device - %windir%\system32\devicecensus.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\WINDOWS\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Clip\License Validation - %SystemRoot%\system32\ClipUp.exe -p -s -o
C:\WINDOWS\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\WINDOWS\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierdaily - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\appuriverifierinstall - %windir%\system32\AppHostRegistrationVerifier.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\WINDOWS\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattelrunner.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\compattelrunner.exe -maintenance
C:\WINDOWS\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\WINDOWS\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\WINDOWS\system32\tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification - %ProgramFiles(x86)%\Microsoft Office\Office15\FirstRun.exe /OEMTA silent
C:\WINDOWS\system32\tasks\ASUS\ASUS Product Register Service - C:\Program Files (x86)\ASUS\APRP\aprp.exe

=========Google Chrome=========

C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension cmeakgjggjdlcpncigglobpjbkabhmjl 1 Steam Inventory Helper 1.10.1
Extension coobgpohoikkiipiblmjeljniedjpjpf 1 Vyhledávání Google 0.0.0.60
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension eofcbnmajmjmplflapaojjnihcjkigck 0 Avast SafePrice 12.0.155
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension fheoggkfdfchfphceeifdbepaooicaho
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.124
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.38
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.0
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.0
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5416.905.0.6
Homepage:
default_search_provider.search_url:
C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck]
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTer ... TR&pc=ASTE


[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTer ... TR&pc=ASTE

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-04 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30 629256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-04 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [2015-06-10 599896]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SACpl.exe [2014-04-10 1830616]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-24 2726728]
"ShadowPlay"=C:\WINDOWS\system32\nvspcap64.dll [2016-09-30 1842624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Rhomb\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-09-16 633024]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-10-13 2860832]
"Spotify Web Helper"=C:\Users\Rhomb\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2016-11-29 1433712]
"Spotify"=C:\Users\Rhomb\AppData\Roaming\Spotify\Spotify.exe [2016-11-29 7071344]
"GoogleChromeAutoLaunch_7A67BE89282E863334EE319AFB67A835"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2016-11-08 921192]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WebStorage"=C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [2015-05-31 63272]
"ROGNB"=C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [2013-05-15 463872]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-11-10 9044392]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-09-22 587288]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"20161125"=C:\Program Files\AVAST Software\Avast\aswRunDll.exe [2016-09-26 901992]

C:\Users\Rhomb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableUIADesktopToggle"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
"StubPath"=%SystemRoot%\inf\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-12-04 20:29:22 ----D---- C:\rsit
2016-12-04 20:29:22 ----D---- C:\Program Files\trend micro
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9329.tmp
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9328.tmp
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9318.tmp
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9317.tmp
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9316.tmp
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9315.tmp
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9314.tmp
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9313.tmp
2016-12-04 18:56:28 ----A---- C:\WINDOWS\system32\drivers\asw9302.tmp
2016-12-04 18:56:13 ----A---- C:\WINDOWS\system32\aswBoot.exe
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7AB0.tmp
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7AAF.tmp
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7AAE.tmp
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7AAD.tmp
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7AAC.tmp
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7AAB.tmp
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7A9A.tmp
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7A99.tmp
2016-11-13 22:43:49 ----A---- C:\WINDOWS\system32\drivers\asw7A79.tmp
2016-11-09 11:53:13 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Search.dll
2016-11-09 11:53:13 ----A---- C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 11:53:13 ----A---- C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 11:53:13 ----A---- C:\WINDOWS\system32\oleaut32.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SYSWOW64\zipfldr.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SYSWOW64\weretw.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SYSWOW64\ole32.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SYSWOW64\msctf.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SYSWOW64\chartv.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\SYSWOW64\ExplorerFrame.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\system32\wer.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\system32\usercpl.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\system32\ole32.dll
2016-11-09 11:53:12 ----A---- C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\SYSWOW64\wer.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\SYSWOW64\fontdrvhost.exe
2016-11-09 11:53:11 ----A---- C:\WINDOWS\SYSWOW64\d3d10warp.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\SYSWOW64\atmfd.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\system32\weretw.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\system32\ubpm.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 11:53:11 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2016-11-09 11:53:11 ----A---- C:\WINDOWS\system32\asycfilt.dll
2016-11-09 11:53:10 ----A---- C:\WINDOWS\SYSWOW64\NPSM.dll
2016-11-09 11:53:10 ----A---- C:\WINDOWS\system32\WpcTok.exe
2016-11-09 11:53:10 ----A---- C:\WINDOWS\system32\TSpkg.dll
2016-11-09 11:53:10 ----A---- C:\WINDOWS\system32\drivers\bowser.sys
2016-11-09 11:53:10 ----A---- C:\WINDOWS\system32\ddraw.dll
2016-11-09 11:53:10 ----A---- C:\WINDOWS\system32\dab.dll
2016-11-09 11:53:09 ----A---- C:\WINDOWS\SYSWOW64\wininetlui.dll
2016-11-09 11:53:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 11:53:09 ----A---- C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 11:53:09 ----A---- C:\WINDOWS\system32\netplwiz.dll
2016-11-09 11:53:09 ----A---- C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 11:53:08 ----A---- C:\WINDOWS\SYSWOW64\atmlib.dll
2016-11-09 11:53:08 ----A---- C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 11:53:07 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2016-11-09 11:53:07 ----A---- C:\WINDOWS\SYSWOW64\mfsvr.dll
2016-11-09 11:53:07 ----A---- C:\WINDOWS\SYSWOW64\MFMediaEngine.dll
2016-11-09 11:53:07 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2016-11-09 11:53:07 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2016-11-09 11:53:07 ----A---- C:\WINDOWS\system32\wmp.dll
2016-11-09 11:53:07 ----A---- C:\WINDOWS\system32\chartv.dll
2016-11-09 11:53:06 ----A---- C:\WINDOWS\SYSWOW64\wmp.dll
2016-11-09 11:53:06 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2016-11-09 11:53:06 ----A---- C:\WINDOWS\SYSWOW64\fontext.dll
2016-11-09 11:53:06 ----A---- C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 11:53:06 ----A---- C:\WINDOWS\system32\twinapi.dll
2016-11-09 11:53:06 ----A---- C:\WINDOWS\system32\authui.dll
2016-11-09 11:53:05 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Immersive.dll
2016-11-09 11:53:05 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2016-11-09 11:53:05 ----A---- C:\WINDOWS\SYSWOW64\twinapi.dll
2016-11-09 11:53:05 ----A---- C:\WINDOWS\SYSWOW64\themecpl.dll
2016-11-09 11:53:05 ----A---- C:\WINDOWS\SYSWOW64\gameux.dll
2016-11-09 11:53:05 ----A---- C:\WINDOWS\SYSWOW64\DevicePairing.dll
2016-11-09 11:53:04 ----A---- C:\WINDOWS\SYSWOW64\sud.dll
2016-11-09 11:53:04 ----A---- C:\WINDOWS\SYSWOW64\stobject.dll
2016-11-09 11:53:04 ----A---- C:\WINDOWS\SYSWOW64\hgcpl.dll
2016-11-09 11:53:04 ----A---- C:\WINDOWS\SYSWOW64\explorer.exe
2016-11-09 11:53:03 ----A---- C:\WINDOWS\SYSWOW64\ntdll.dll
2016-11-09 11:53:03 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 11:53:03 ----A---- C:\WINDOWS\system32\ListSvc.dll
2016-11-09 11:53:02 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2016-11-09 11:53:02 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2016-11-09 11:53:02 ----A---- C:\WINDOWS\SYSWOW64\comdlg32.dll
2016-11-09 11:53:02 ----A---- C:\WINDOWS\system32\wwansvc.dll
2016-11-09 11:53:02 ----A---- C:\WINDOWS\system32\rdpcore.dll
2016-11-09 11:53:02 ----A---- C:\WINDOWS\system32\efsext.dll
2016-11-09 11:53:02 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2016-11-09 11:53:02 ----A---- C:\WINDOWS\system32\comdlg32.dll
2016-11-09 11:53:01 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2016-11-09 11:53:01 ----A---- C:\WINDOWS\SYSWOW64\AuthExt.dll
2016-11-09 11:52:58 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 11:52:58 ----A---- C:\WINDOWS\system32\stobject.dll
2016-11-09 11:52:58 ----A---- C:\WINDOWS\system32\AudioEng.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\SYSWOW64\usercpl.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\SYSWOW64\mstsc.exe
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\zipfldr.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\themecpl.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\sud.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\msv1_0.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\hgcpl.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\fontext.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\browserbroker.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\AudioSes.dll
2016-11-09 11:52:57 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 11:52:56 ----A---- C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 11:52:56 ----A---- C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 11:52:56 ----A---- C:\WINDOWS\system32\gameux.dll
2016-11-09 11:52:56 ----A---- C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 11:52:56 ----A---- C:\WINDOWS\system32\audiosrv.dll
2016-11-09 11:52:56 ----A---- C:\WINDOWS\explorer.exe
2016-11-09 11:52:55 ----A---- C:\WINDOWS\system32\twinui.dll
2016-11-09 11:52:55 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 11:52:53 ----A---- C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 11:52:53 ----A---- C:\WINDOWS\system32\ntdll.dll
2016-11-09 11:52:52 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2016-11-09 11:52:52 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2016-11-09 11:52:52 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2016-11-09 11:52:52 ----A---- C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 11:52:52 ----A---- C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 11:52:52 ----A---- C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 11:52:51 ----A---- C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 11:52:51 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 11:52:51 ----A---- C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 11:52:51 ----A---- C:\WINDOWS\system32\NPSM.dll
2016-11-09 11:52:51 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 11:52:51 ----A---- C:\WINDOWS\system32\drivers\ntfs.sys
2016-11-09 11:52:51 ----A---- C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SYSWOW64\olepro32.dll
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SYSWOW64\LockAppBroker.dll
2016-11-09 11:52:50 ----A---- C:\WINDOWS\SYSWOW64\asycfilt.dll
2016-11-09 11:52:49 ----A---- C:\WINDOWS\SYSWOW64\mshtmled.dll
2016-11-09 11:52:49 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2016-11-09 11:52:48 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2016-11-09 11:52:48 ----A---- C:\WINDOWS\SYSWOW64\ActionCenterCPL.dll
2016-11-09 11:52:47 ----A---- C:\WINDOWS\SYSWOW64\gdi32full.dll
2016-11-09 11:52:47 ----A---- C:\WINDOWS\system32\ntshrui.dll
2016-11-09 11:52:47 ----A---- C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 11:52:47 ----A---- C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 11:52:47 ----A---- C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 11:52:46 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2016-11-09 11:52:46 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2016-11-09 11:52:46 ----A---- C:\WINDOWS\SYSWOW64\ieproxy.dll
2016-11-09 11:52:45 ----A---- C:\WINDOWS\system32\shell32.dll
2016-11-09 11:52:44 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2016-11-09 11:52:44 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2016-11-09 11:52:44 ----A---- C:\WINDOWS\system32\jscript9.dll
2016-11-09 11:52:44 ----A---- C:\WINDOWS\system32\ieproxy.dll
2016-11-09 11:52:43 ----A---- C:\WINDOWS\system32\urlmon.dll
2016-11-09 11:52:43 ----A---- C:\WINDOWS\system32\shdocvw.dll
2016-11-09 11:52:43 ----A---- C:\WINDOWS\system32\iertutil.dll
2016-11-09 11:52:43 ----A---- C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 11:52:42 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2016-11-09 11:52:42 ----A---- C:\WINDOWS\SYSWOW64\d3d9.dll
2016-11-09 11:52:42 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 11:52:42 ----A---- C:\WINDOWS\system32\mshtmled.dll
2016-11-09 11:52:42 ----A---- C:\WINDOWS\system32\FSClient.dll
2016-11-09 11:52:41 ----A---- C:\WINDOWS\system32\win32kbase.sys
2016-11-09 11:52:41 ----A---- C:\WINDOWS\system32\ieframe.dll
2016-11-09 11:52:41 ----A---- C:\WINDOWS\system32\Chakra.dll
2016-11-09 11:52:40 ----A---- C:\WINDOWS\SYSWOW64\cdp.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.Globalization.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\system32\mshtml.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\system32\FrameServer.dll
2016-11-09 11:52:39 ----A---- C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 11:52:38 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 11:52:37 ----A---- C:\WINDOWS\system32\wininet.dll
2016-11-09 11:52:37 ----A---- C:\WINDOWS\system32\mstscax.dll
2016-11-09 11:52:37 ----A---- C:\WINDOWS\system32\inetcomm.dll
2016-11-09 11:52:37 ----A---- C:\WINDOWS\system32\cdp.dll
2016-11-09 11:52:37 ----A---- C:\WINDOWS\system32\bisrv.dll
2016-11-09 11:52:36 ----A---- C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 11:52:36 ----A---- C:\WINDOWS\system32\edgehtml.dll
2016-11-09 11:52:34 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 11:52:34 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 11:52:33 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2016-11-09 11:52:33 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 11:52:32 ----A---- C:\WINDOWS\SYSWOW64\dxtrans.dll
2016-11-09 11:52:32 ----A---- C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 11:52:32 ----A---- C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 11:52:32 ----A---- C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 11:52:31 ----A---- C:\WINDOWS\SYSWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 11:52:31 ----A---- C:\WINDOWS\SYSWOW64\NetSetupEngine.dll
2016-11-09 11:52:31 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 11:52:31 ----A---- C:\WINDOWS\system32\mstsc.exe
2016-11-09 11:52:30 ----A---- C:\WINDOWS\SYSWOW64\UIAnimation.dll
2016-11-09 11:52:30 ----A---- C:\WINDOWS\SYSWOW64\NetSetupApi.dll
2016-11-09 11:52:30 ----A---- C:\WINDOWS\SYSWOW64\input.dll
2016-11-09 11:52:30 ----A---- C:\WINDOWS\system32\wifitask.exe
2016-11-09 11:52:30 ----A---- C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 11:52:29 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\SYSWOW64\iepeers.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\SYSWOW64\GlobCollationHost.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\SYSWOW64\ErrorDetailsUpdate.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\SYSWOW64\ErrorDetails.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\system32\iepeers.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\system32\dxtrans.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 11:52:29 ----A---- C:\WINDOWS\system32\AppCapture.dll
2016-11-09 11:52:28 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2016-11-09 11:52:28 ----A---- C:\WINDOWS\system32\winresume.exe
2016-11-09 11:52:28 ----A---- C:\WINDOWS\system32\winload.exe
2016-11-09 11:52:28 ----A---- C:\WINDOWS\system32\rdpudd.dll
2016-11-09 11:52:28 ----A---- C:\WINDOWS\system32\msinfo32.exe
2016-11-09 11:52:27 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2016-11-09 11:52:27 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2016-11-09 11:52:27 ----A---- C:\WINDOWS\SYSWOW64\ntshrui.dll
2016-11-09 11:52:27 ----A---- C:\WINDOWS\SYSWOW64\MSVidCtl.dll
2016-11-09 11:52:27 ----A---- C:\WINDOWS\SYSWOW64\mfsensorgroup.dll
2016-11-09 11:52:27 ----A---- C:\WINDOWS\SYSWOW64\FSClient.dll
2016-11-09 11:52:27 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 11:52:26 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2016-11-09 11:52:26 ----A---- C:\WINDOWS\SYSWOW64\msinfo32.exe
2016-11-09 11:52:26 ----A---- C:\WINDOWS\SYSWOW64\authui.dll
2016-11-09 11:52:26 ----A---- C:\WINDOWS\system32\msctf.dll
2016-11-09 11:52:25 ----A---- C:\WINDOWS\system32\win32kfull.sys
2016-11-09 11:52:25 ----A---- C:\WINDOWS\system32\mfsvr.dll
2016-11-09 11:52:25 ----A---- C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 11:52:25 ----A---- C:\WINDOWS\system32\mfcore.dll
2016-11-09 11:52:25 ----A---- C:\WINDOWS\system32\lsasrv.dll
2016-11-09 11:52:25 ----A---- C:\WINDOWS\system32\d3d9.dll
2016-11-09 11:52:24 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2016-11-09 11:52:24 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 11:52:24 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 11:52:24 ----A---- C:\WINDOWS\system32\gdi32full.dll
2016-11-09 11:52:24 ----A---- C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 11:52:24 ----A---- C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 11:52:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 11:52:23 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 11:52:23 ----A---- C:\WINDOWS\SYSWOW64\efsext.dll
2016-11-09 11:52:23 ----A---- C:\WINDOWS\SYSWOW64\BcastDVRHelper.dll
2016-11-09 11:52:23 ----A---- C:\WINDOWS\SYSWOW64\bcastdvr.exe
2016-11-09 11:52:23 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 11:52:23 ----A---- C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 11:52:23 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 11:52:23 ----A---- C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 11:52:22 ----A---- C:\WINDOWS\SYSWOW64\comctl32.dll
2016-11-09 11:52:22 ----A---- C:\WINDOWS\system32\win32k.sys
2016-11-09 11:52:22 ----A---- C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 11:52:22 ----A---- C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 11:52:22 ----A---- C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 11:52:22 ----A---- C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 11:52:22 ----A---- C:\WINDOWS\system32\input.dll
2016-11-09 11:52:22 ----A---- C:\WINDOWS\system32\drivers\iorate.sys
2016-11-09 11:52:22 ----A---- C:\WINDOWS\system32\atmfd.dll
2016-11-09 11:52:21 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2016-11-09 11:52:21 ----A---- C:\WINDOWS\SYSWOW64\ddraw.dll
2016-11-09 11:52:21 ----A---- C:\WINDOWS\SYSWOW64\d3d8.dll
2016-11-09 11:52:21 ----A---- C:\WINDOWS\system32\wininetlui.dll
2016-11-09 11:52:21 ----A---- C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 11:52:19 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 11:52:19 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2016-11-09 11:52:19 ----A---- C:\WINDOWS\SYSWOW64\AppCapture.dll
2016-11-09 11:52:19 ----A---- C:\WINDOWS\system32\atmlib.dll

======List of files/folders modified in the last 1 month======

2016-12-04 20:29:22 ----RD---- C:\Program Files
2016-12-04 20:17:02 ----D---- C:\WINDOWS\Temp
2016-12-04 20:17:02 ----D---- C:\WINDOWS\system32\SleepStudy
2016-12-04 20:05:54 ----D---- C:\WINDOWS\Prefetch
2016-12-04 20:01:51 ----SHDC---- C:\WINDOWS\Installer
2016-12-04 20:01:51 ----D---- C:\Program Files (x86)\Common Files
2016-12-04 20:01:34 ----D---- C:\WINDOWS\SysWOW64
2016-12-04 20:01:30 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2016-12-04 20:01:16 ----D---- C:\Program Files (x86)\Java
2016-12-04 19:37:00 ----D---- C:\WINDOWS\system32\sru
2016-12-04 19:36:04 ----D---- C:\WINDOWS\system32\drivers
2016-12-04 18:56:46 ----D---- C:\WINDOWS\system32\Tasks
2016-12-04 18:56:13 ----D---- C:\WINDOWS\System32
2016-12-04 18:56:08 ----D---- C:\Windows
2016-12-04 13:39:31 ----RD---- C:\WINDOWS\Microsoft.NET
2016-12-04 12:34:05 ----D---- C:\Users\Rhomb\AppData\Roaming\Spotify
2016-12-04 12:28:50 ----D---- C:\ProgramData\NVIDIA
2016-12-04 12:28:45 ----D---- C:\Program Files (x86)\Steam
2016-12-04 12:28:39 ----D---- C:\ProgramData\ASUS Smart Gesture
2016-12-04 12:28:07 ----A---- C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-04 00:00:12 ----D---- C:\Users\Rhomb\AppData\Roaming\TS3Client
2016-12-03 00:40:54 ----D---- C:\Users\Rhomb\AppData\Roaming\.minecraft
2016-12-02 22:50:30 ----AD---- C:\Program Files (x86)\Minecraft
2016-12-02 19:39:43 ----HD---- C:\ProgramData
2016-12-02 16:17:15 ----D---- C:\WINDOWS\AppReadiness
2016-12-01 22:41:31 ----D---- C:\ProgramData\CanonIJPLM
2016-12-01 17:47:16 ----D---- C:\Users\Rhomb\AppData\Roaming\Skype
2016-12-01 17:46:12 ----D---- C:\ProgramData\Skype
2016-12-01 17:46:09 ----RD---- C:\Program Files (x86)\Skype
2016-12-01 17:45:40 ----SHD---- C:\System Volume Information
2016-12-01 16:14:28 ----HD---- C:\Program Files\WindowsApps
2016-11-27 12:40:48 ----D---- C:\WINDOWS\system32\config
2016-11-26 10:54:11 ----D---- C:\WINDOWS\system32\NDF
2016-11-23 18:11:32 ----D---- C:\WINDOWS\system32\DriverStore
2016-11-23 16:59:31 ----D---- C:\WINDOWS\WinSxS
2016-11-20 18:45:10 ----D---- C:\WINDOWS\system32\catroot2
2016-11-15 19:48:14 ----SD---- C:\Users\Rhomb\AppData\Roaming\Microsoft
2016-11-13 23:36:13 ----D---- C:\Users\Rhomb\AppData\Roaming\vlc
2016-11-12 18:33:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-12 18:30:59 ----D---- C:\WINDOWS\INF
2016-11-12 18:29:14 ----D---- C:\WINDOWS\Minidump
2016-11-12 17:19:13 ----D---- C:\WINDOWS\rescache
2016-11-09 22:29:58 ----D---- C:\WINDOWS\SYSWOW64\migration
2016-11-09 22:29:57 ----D---- C:\WINDOWS\SYSWOW64\en-GB
2016-11-09 22:29:57 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2016-11-09 22:29:52 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 22:29:52 ----D---- C:\WINDOWS\system32\oobe
2016-11-09 22:29:52 ----D---- C:\WINDOWS\system32\migwiz
2016-11-09 22:29:52 ----D---- C:\WINDOWS\system32\migration
2016-11-09 22:29:51 ----D---- C:\WINDOWS\system32\en-US
2016-11-09 22:29:51 ----D---- C:\WINDOWS\system32\en-GB
2016-11-09 22:29:51 ----D---- C:\WINDOWS\system32\cs-CZ
2016-11-09 22:29:51 ----D---- C:\WINDOWS\system32\Boot
2016-11-09 22:29:49 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2016-11-09 22:29:49 ----D---- C:\WINDOWS\ShellExperiences
2016-11-09 22:29:49 ----D---- C:\WINDOWS\bcastdvr
2016-11-09 22:29:49 ----D---- C:\WINDOWS\AppPatch
2016-11-09 20:38:13 ----D---- C:\WINDOWS\CbsTemp
2016-11-09 20:33:24 ----D---- C:\WINDOWS\system32\MRT
2016-11-09 20:30:36 ----AC---- C:\WINDOWS\system32\MRT.exe
2016-11-05 22:43:53 ----D---- C:\Users\Rhomb\AppData\Roaming\avidemux
2016-11-05 22:41:08 ----D---- C:\Users\Rhomb\AppData\Roaming\Audacity

File C:\WINDOWS\system32\winlogon.exe is digitally signed
File C:\WINDOWS\system32\wininit.exe is digitally signed
File C:\WINDOWS\explorer.exe is digitally signed
File C:\WINDOWS\SysWOW64\explorer.exe is digitally signed
File C:\WINDOWS\system32\svchost.exe is digitally signed
File C:\WINDOWS\SysWOW64\svchost.exe is digitally signed
File C:\WINDOWS\system32\services.exe is digitally signed
File C:\WINDOWS\system32\User32.dll is digitally signed
File C:\WINDOWS\SysWOW64\User32.dll is digitally signed
File C:\WINDOWS\system32\userinit.exe is digitally signed
File C:\WINDOWS\SysWOW64\userinit.exe is digitally signed
File C:\WINDOWS\system32\rpcss.dll is digitally signed
File C:\WINDOWS\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-09-26 74544]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-10-14 293352]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2015-08-10 1462720]
R0 IntelHSWPcc;IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [2015-06-26 88256]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2016-09-26 37144]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2016-09-26 103064]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-09-26 969184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-09-26 513632]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2013-07-02 19768]
R1 NFC_Driver;NFC_Driver; C:\WINDOWS\system32\drivers\NFC_Driver.sys [2015-01-05 53440]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2016-09-26 108816]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2016-09-26 163416]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R3 AiCharger;ASUS Charger Driver; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [2015-05-25 21816]
R3 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2016-09-26 37656]
R3 ATP;@oem24.inf,%PS2.DeviceDesc%;ASUS Input Device; C:\WINDOWS\System32\drivers\AsusTP.sys [2015-12-14 101368]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-09-16 84992]
R3 CnxtHdAudService;@oem15.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDRT64.sys [2015-07-09 1544280]
R3 HIDSwitch;@oem25.inf,%ASSW.DisplayName%;ASUS Wireless Radio Control; C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-05-13 19976]
R3 ibtusb;@oem64.inf,%ibtusb.SVCDESC_IBT%;Intel(R) Wireless Bluetooth(R); C:\WINDOWS\system32\DRIVERS\ibtusb.sys [2016-07-12 349960]
R3 Netwtw04;___ Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit; C:\WINDOWS\System32\drivers\Netwtw04.sys [2016-07-16 7116288]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_d5bd1ae16e09cc23\nvlddmkm.sys [2016-09-20 14242872]
R3 NvStreamKms;NVIDIA KMS; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-09-30 27584]
R3 nvvad_WaveExtensible;@oem81.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\WINDOWS\system32\drivers\nvvad64v.sys [2016-09-02 46016]
R3 rt640x64;@oem17.inf,%rt640.Service.DispName%;Realtek RT640 NT Driver; C:\WINDOWS\System32\drivers\rt640x64.sys [2015-07-15 887552]
R3 RTSPER;@oem13.inf,%Rts5227PER%;Realtek PCIE Card Reader - PER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [2015-06-15 753368]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\WINDOWS\System32\drivers\BthEnum.sys [2016-09-16 114176]
S3 BthLEEnum;@BthLEEnum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-09-15 249856]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\WINDOWS\System32\drivers\BTHport.sys [2016-10-15 967168]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-09-16 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\System32\drivers\rfcomm.sys [2016-07-16 183808]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [2014-03-26 115512]
R2 Asus WebStorage Windows Service;Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [2015-05-31 71168]
R2 AsusGameFirstService;AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [2015-02-02 356664]
R2 ASUSGiftBoxDekstop;Asus GiftBox Desktop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [2015-07-20 315704]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 CDPUserSvc_c0f36b5;CDPUserSvc_c0f36b5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 CxAudMsg;Conexant Audio Message Service; C:\Windows\system32\CxAudMsg64.exe [2014-10-20 207576]
R2 DriverMFTService;DriverMFTService; C:\Program Files (x86)\Asus\PixelMaster Video HDR\DriverMFTService.exe [2015-05-19 20992]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2015-06-12 640928]
R2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2015-04-14 373312]
R2 ibtsiva;@oem64.inf,%SERVICE_NAME%;Intel Bluetooth Service; C:\WINDOWS\system32\ibtsiva []
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-07-22 223520]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2015-07-22 415520]
R2 NvContainerLocalSystem;NVIDIA LocalSystem Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-09-30 455616]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [2016-09-30 1163712]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2016-09-16 1364024]
R2 OneSyncSvc_c0f36b5;Hostitel synchronizace_c0f36b5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2015-06-12 157088]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-04-14 389896]
R2 SAService;Conexant SmartAudio service; C:\WINDOWS\syswow64\SAsrv.exe [2015-04-17 427224]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
R3 Intel(R) Security Assist;Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2015-05-19 335872]
R3 NvContainerNetworkService;NVIDIA NetworkService Container; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2016-09-30 455616]
R3 PimIndexMaintenanceSvc_c0f36b5;Data kontaktů_c0f36b5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
R3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\RMapi.dll
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-10-13 1459488]
R3 TimeBrokerSvc;@%windir%\system32\TimeBrokerServer.dll,-1001; %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\TimeBrokerServer.dll
S2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-09-26 197128]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=%SystemRoot%\System32\CDPUserSvc.dll
S2 isaHelperSvc;Intel(R) Security Assist Helper; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2015-05-19 7680]
S2 Kingsoft_WPS_UpdateService;WPS Office Update Service; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe [2015-08-15 133480]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; %SystemRoot%\System32\svchost.exe -k Camera;"ServiceDll"=%SystemRoot%\system32\FrameServer.dll
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-12-16 265808]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\hvhostsvc.dll
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-05-22 881152]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted;"ServiceDll"=%SystemRoot%\System32\irmon.dll
S3 MessagingService_c0f36b5;Služba zasílání zpráv_c0f36b5; C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup;"ServiceDll"=
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2015-06-12 268192]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; %SystemRoot%\System32\svchost.exe -k netsvcs;"ServiceDll"=%systemroot%\system32\Windows.SharedPC.AccountManager.dll

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Program is turning off avast - probably a virus

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Nevim
Visitor

Re: A program is turning off Avast - probably a virus

#3 Post by Nevim »

It reportedly found 0 threats, but every time I open Avast, the shields are turned off. And when I turn them on, it reports that a program is trying to turn off the shields and that I will be without protection. The shields stay on for about 5 minutes, but when I open Avast again, they are off again :D

# AdwCleaner v6.040 - Log vytvořen 04/12/2016 v 22:51:48
# Aktualizováno dne 02/12/2016 z Malwarebytes
# Databáze : 2016-12-04.1 [Server]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Rhomb - DESKTOP-2T95MK6
# Spuštěno z : C:\Users\Rhomb\Desktop\adwcleaner_6.040.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [799 Bajty] - [04/12/2016 22:51:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [1370 Bajty] - [04/12/2016 22:51:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [944 Bajty] ##########

Rudy
Site Admin

Re: A program is turning off Avast - probably a virus

#4 Post by Rudy »

This is OK. Now post the FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Nevim
Visitor

Re: A program is turning off Avast - probably a virus

#5 Post by Nevim »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Rhomb (administrator) on DESKTOP-2T95MK6 (10-12-2016 13:41:19)
Running from C:\Users\Rhomb\Desktop
Loaded Profiles: Rhomb (Available Profiles: Rhomb)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\PixelMaster Video HDR\DriverMFTService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\System32\SASrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamuseragent.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Spotify Ltd) C:\Users\Rhomb\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [599896 2015-06-10] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-26] (AVAST Software)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKU\S-1-5-21-2849023645-2194865942-4022741743-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2849023645-2194865942-4022741743-1001\...\Run: [Spotify Web Helper] => C:\Users\Rhomb\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-09] (Spotify Ltd)
HKU\S-1-5-21-2849023645-2194865942-4022741743-1001\...\Run: [Spotify] => C:\Users\Rhomb\AppData\Roaming\Spotify\Spotify.exe [7095408 2016-12-09] (Spotify Ltd)
HKU\S-1-5-21-2849023645-2194865942-4022741743-1001\...\Run: [GoogleChromeAutoLaunch_7A67BE89282E863334EE319AFB67A835] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921192 2016-11-08] (Google Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)
Startup: C:\Users\Rhomb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-02-21]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{22277922-f142-482e-af62-ac1740ca5933}: [DhcpNameServer] 192.168.168.1
Tcpip\..\Interfaces\{d0887031-1925-4905-8e33-3b4416603d5c}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================
HKU\S-1-5-21-2849023645-2194865942-4022741743-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-2849023645-2194865942-4022741743-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-2849023645-2194865942-4022741743-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2849023645-2194865942-4022741743-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-04] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-04] (Oracle Corporation)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-07]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-07]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default [2016-12-10]
CHR Extension: (Prezentace Google) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-24]
CHR Extension: (Dokumenty Google) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-24]
CHR Extension: (Disk Google) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-24]
CHR Extension: (YouTube) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-24]
CHR Extension: (Steam Inventory Helper) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-11-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-24]
CHR Extension: (Avast SafePrice) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
CHR Extension: (Tabulky Google) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Avast Online Security) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-24]
CHR Extension: (Chrome Media Router) - C:\Users\Rhomb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [356664 2015-02-02] (ASUSTeK)
R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
R2 DriverMFTService; C:\Program Files (x86)\Asus\PixelMaster Video HDR\DriverMFTService.exe [20992 2015-05-19] (ASUSTek Computer Inc.) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359856 2015-07-30] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-22] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.4947\wtoolex\wpsupdatesvr.exe [133480 2015-08-15] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 SAService; C:\Windows\system32\SAsrv.exe [427224 2015-04-17] (Conexant Systems, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [88256 2015-06-26] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R1 NFC_Driver; C:\WINDOWS\System32\drivers\NFC_Driver.sys [53440 2015-01-05] (Titan ARC Corp.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_d5bd1ae16e09cc23\nvlddmkm.sys [14242872 2016-09-20] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-09-02] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-10 13:41 - 2016-12-10 13:42 - 00021305 _____ C:\Users\Rhomb\Desktop\FRST.txt
2016-12-10 13:40 - 2016-12-10 13:41 - 00000000 ____D C:\FRST
2016-12-10 13:39 - 2016-12-10 13:40 - 02420224 _____ (Farbar) C:\Users\Rhomb\Desktop\FRST64.exe
2016-12-07 19:48 - 2016-10-14 19:48 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2B44.tmp
2016-12-07 19:48 - 2016-09-26 14:11 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2AD1.tmp
2016-12-07 19:48 - 2016-09-26 14:11 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2B34.tmp
2016-12-07 19:48 - 2016-09-26 14:10 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-12-07 19:48 - 2016-09-26 14:10 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2B65.tmp
2016-12-07 19:48 - 2016-09-26 14:10 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2B13.tmp
2016-12-07 19:48 - 2016-09-26 14:10 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2AF1.tmp
2016-12-07 19:48 - 2016-09-26 14:10 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2B23.tmp
2016-12-07 19:48 - 2016-09-26 14:10 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2B02.tmp
2016-12-07 19:48 - 2016-09-26 14:10 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw2AB1.tmp
2016-12-04 22:49 - 2016-12-04 22:51 - 00000000 ____D C:\AdwCleaner
2016-12-04 22:49 - 2016-12-04 22:49 - 03968464 _____ C:\Users\Rhomb\Desktop\adwcleaner_6.040.exe
2016-12-04 20:29 - 2016-12-04 20:29 - 01323520 _____ C:\Users\Rhomb\Downloads\RSITx64.exe
2016-12-04 20:29 - 2016-12-04 20:29 - 00000000 ____D C:\rsit
2016-12-04 20:29 - 2016-12-04 20:29 - 00000000 ____D C:\Program Files\trend micro
2016-12-03 23:58 - 2016-12-03 23:59 - 92721827 _____ C:\Users\Rhomb\Downloads\HOW LONG CAN IT GROW- (Slither.io - Part 01).mp4
2016-12-03 23:49 - 2016-12-03 23:50 - 69812934 _____ C:\Users\Rhomb\Downloads\MY NEW CAR pewdiepie.mp4
2016-12-03 23:38 - 2016-12-03 23:38 - 40436806 _____ C:\Users\Rhomb\Downloads\SHAVE- (Fridays With PewDiePie - Part 110).mp4
2016-12-02 22:50 - 2016-12-03 00:40 - 00001137 _____ C:\Users\Rhomb\Desktop\nativelog.txt
2016-11-27 15:44 - 2016-11-27 15:44 - 13876224 _____ C:\Users\Rhomb\Downloads\Prezentace B02 Stonek.ppt
2016-11-13 19:58 - 2016-11-13 21:19 - 730093569 _____ C:\Users\Rhomb\Downloads\Big--Lebowski-CZ.avi
2016-11-12 18:29 - 2016-11-12 18:29 - 00508364 _____ C:\WINDOWS\Minidump\111216-67390-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-10 13:39 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-10 13:39 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-10 13:36 - 2016-09-16 12:58 - 00000000 ____D C:\Users\Rhomb
2016-12-10 13:36 - 2016-02-04 17:25 - 00000000 ____D C:\Users\Rhomb\AppData\Local\Spotify
2016-12-10 13:36 - 2016-02-04 17:24 - 00000000 ____D C:\Users\Rhomb\AppData\Roaming\Spotify
2016-12-10 13:35 - 2016-09-16 13:12 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-12-10 13:35 - 2016-09-16 13:12 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-12-10 13:32 - 2016-09-16 12:54 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-10 13:32 - 2016-09-16 12:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-10 13:32 - 2016-02-21 13:29 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-12-10 13:32 - 2015-12-29 17:07 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-10 13:32 - 2015-12-24 18:13 - 00000165 _____ C:\Users\Rhomb\AppData\Roaming\sp_data.sys
2016-12-10 13:32 - 2015-12-24 18:13 - 00000000 __SHD C:\Users\Rhomb\IntelGraphicsProfiles
2016-12-10 11:24 - 2016-09-16 12:48 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-10 10:21 - 2016-09-17 20:15 - 00000000 ____D C:\Users\Rhomb\AppData\Local\CrashDumps
2016-12-09 22:57 - 2016-06-27 15:26 - 00000000 ____D C:\Users\Rhomb\AppData\Roaming\TS3Client
2016-12-09 22:56 - 2015-12-24 18:23 - 01388432 _____ C:\Users\Public\VOIP.dat
2016-12-08 22:26 - 2016-02-18 00:10 - 00000000 ____D C:\Users\Rhomb\AppData\Local\ElevatedDiagnostics
2016-12-07 19:48 - 2016-10-02 17:44 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1475426644
2016-12-07 19:48 - 2016-10-02 17:44 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-07 19:48 - 2016-09-16 13:12 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-12-07 19:48 - 2016-02-26 18:10 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-12-07 19:48 - 2016-02-26 18:10 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-04 23:00 - 2015-12-24 18:13 - 00000000 ____D C:\Users\Rhomb\AppData\Local\Packages
2016-12-04 22:59 - 2016-07-16 23:25 - 00609418 _____ C:\WINDOWS\system32\perfh005.dat
2016-12-04 22:59 - 2016-07-16 23:25 - 00130798 _____ C:\WINDOWS\system32\perfc005.dat
2016-12-04 22:59 - 2015-08-15 06:21 - 01756474 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-04 22:53 - 2016-09-16 13:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-04 22:52 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-04 20:01 - 2016-01-29 10:57 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-12-04 20:01 - 2016-01-29 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-04 20:01 - 2016-01-29 10:57 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-03 00:40 - 2015-12-24 19:08 - 00000000 ____D C:\Users\Rhomb\AppData\Roaming\.minecraft
2016-12-03 00:18 - 2016-01-08 11:04 - 00002057 _____ C:\Users\Rhomb\Desktop\Vítejte u registrace produktu ASUS.lnk
2016-12-02 22:50 - 2015-12-24 19:05 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-12-01 22:41 - 2016-09-08 17:01 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-12-01 17:47 - 2016-01-14 18:32 - 00000000 ____D C:\Users\Rhomb\AppData\Roaming\Skype
2016-12-01 17:46 - 2016-01-14 18:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-01 17:46 - 2016-01-14 18:31 - 00000000 ____D C:\ProgramData\Skype
2016-11-26 10:54 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-15 16:05 - 2015-12-24 18:23 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 16:05 - 2015-12-24 18:23 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 23:36 - 2016-03-19 23:19 - 00000000 ____D C:\Users\Rhomb\AppData\Roaming\vlc
2016-11-12 18:30 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-12 18:29 - 2016-09-22 16:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-12 18:29 - 2016-03-02 15:05 - 1017825769 _____ C:\WINDOWS\MEMORY.DMP
2016-11-12 17:19 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 16:05 - 2015-10-21 22:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 16:00 - 2016-09-16 12:48 - 00214568 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2016-08-11 17:49 - 2016-08-11 18:01 - 0000096 _____ () C:\Users\Rhomb\AppData\Roaming\Camdata.ini
2016-08-11 17:49 - 2016-08-11 18:01 - 0000408 _____ () C:\Users\Rhomb\AppData\Roaming\CamLayout.ini
2016-08-11 17:49 - 2016-08-11 18:01 - 0000408 _____ () C:\Users\Rhomb\AppData\Roaming\CamShapes.ini
2016-08-11 17:49 - 2016-08-11 18:01 - 0004509 _____ () C:\Users\Rhomb\AppData\Roaming\CamStudio.cfg
2015-12-24 18:13 - 2016-12-10 13:32 - 0000165 _____ () C:\Users\Rhomb\AppData\Roaming\sp_data.sys

Files to move or delete:
====================
C:\Users\Public\VOIP.dat


Some files in TEMP:
====================
C:\Users\Rhomb\AppData\Local\Temp\libeay32.dll
C:\Users\Rhomb\AppData\Local\Temp\msvcr120.dll
C:\Users\Rhomb\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-30 16:07

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A program is turning off Avast - probably a virus

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-2849023645-2194865942-4022741743-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2849023645-2194865942-4022741743-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\WINDOWS\system32\Drivers\asw2B44.tmp
C:\WINDOWS\system32\Drivers\asw2AD1.tmp
C:\WINDOWS\system32\Drivers\asw2B34.tmp
C:\WINDOWS\system32\Drivers\asw2B65.tmp
C:\WINDOWS\system32\Drivers\asw2B13.tmp
C:\WINDOWS\system32\Drivers\asw2B23.tmp
C:\WINDOWS\system32\Drivers\asw2B02.tmp
C:\WINDOWS\system32\Drivers\asw2AB1.tmp
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Public\VOIP.dat
C:\Users\Rhomb\AppData\Local\Temp

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the run finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Nevim
Visitor
Posts: 26
Registered: 03 Mar 2015 21:21

Re: A program is turning off Avast - probably a virus

#7 Post by Nevim »

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Rhomb (10-12-2016 18:20:11) Run:1
Running from C:\Users\Rhomb\Desktop
Loaded Profiles: Rhomb (Available Profiles: Rhomb)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-2849023645-2194865942-4022741743-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2849023645-2194865942-4022741743-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\WINDOWS\system32\Drivers\asw2B44.tmp
C:\WINDOWS\system32\Drivers\asw2AD1.tmp
C:\WINDOWS\system32\Drivers\asw2B34.tmp
C:\WINDOWS\system32\Drivers\asw2B65.tmp
C:\WINDOWS\system32\Drivers\asw2B13.tmp
C:\WINDOWS\system32\Drivers\asw2B23.tmp
C:\WINDOWS\system32\Drivers\asw2B02.tmp
C:\WINDOWS\system32\Drivers\asw2AB1.tmp
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Public\VOIP.dat
C:\Users\Rhomb\AppData\Local\Temp

EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2849023645-2194865942-4022741743-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2849023645-2194865942-4022741743-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\WINDOWS\system32\Drivers\asw2B44.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw2AD1.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw2B34.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw2B65.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw2B13.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw2B23.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw2B02.tmp => moved successfully
C:\WINDOWS\system32\Drivers\asw2AB1.tmp => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\Public\VOIP.dat => moved successfully

"C:\Users\Rhomb\AppData\Local\Temp" folder move:

Could not move "C:\Users\Rhomb\AppData\Local\Temp" => Scheduled to move on reboot.


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 208725904 B
Java, Flash, Steam htmlcache => 97064668 B
Windows/system/drivers => 163240872 B
Edge => 847906 B
Chrome => 822937052 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 62148 B
NetworkService => 5512 B
Rhomb => 661100380 B

RecycleBin => 0 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-12-2016 18:25:35)

C:\Users\Rhomb\AppData\Local\Temp => moved successfully

==== End of Fixlog 18:25:37 ====

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A program is turning off Avast - probably a virus

#8 Post by Rudy »

Deleted. Has anything changed?

Nevim
Visitor
Posts: 26
Registered: 03 Mar 2015 21:21

Re: A program is turning off Avast - probably a virus

#9 Post by Nevim »

Since then nothing has turned off my shields, so hopefully it's fine now :) If they get turned off again, I'll get back to you. Otherwise, thanks a lot for the help :)

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: A program is turning off Avast - probably a virus

#10 Post by Rudy »

OK, you're welcome! :)

Locked