Prosím o kontrolu logu
Napsal: 31 pro 2020 14:58
Dobrý deň. V kľude mám CPU vyťažené na 30-60 %. Ešte včera to bolo 0 - 15 %. Inak PC pracuje normálne.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2020-12-31 14:52:52
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 14 GB (12%) free of 110 GB
Total RAM: 8154 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:52:55, on 31. 12. 2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files\trend micro\Martin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Optimizer Host (AviraOptimizerHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
O23 - Service: Avira Phantom VPN (AviraPhantomVPN) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
O23 - Service: Avira Security (AviraSecurity) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
O23 - Service: Avira Updater Service (AviraUpdaterService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
O23 - Service: Avira Security (AviraSecurity) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Installer Service (MBAMInstallerService) - Malwarebytes - C:\Users\Martin\AppData\Local\Temp\MBAMInstallerService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 5954 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalService
"C:\Windows\SysWOW64\svchost.exe" -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\DbxSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {542F24EA-E1C9-4916-8EA4-310BDD6BA238}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost /makeSystrayVisible
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe"
C:\Windows\System32\svchost.exe -k rpcss
\??\C:\Windows\system32\conhost.exe "-90319504617260392641346838240-14727329362080474825-6368162091679423610-960155872
"C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe"
"C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe"
C:\Windows\SysWOW64\svchost.exe -k rpcss
C:\Windows\system32\wbem\wmiprvse.exe
rundll32.exe "C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962_core.dll",runDll
taskeng.exe {5259BFCC-E5A4-433B-A458-DB02473BEE28}
"C:\Program Files (x86)\Avira\Home Guard\Avira.HomeGuard.Service.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe"
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_0000157c
"C:\Program Files (x86)\Avira\Antivirus\avscan.exe" /CFG="c:\program files (x86)\avira\antivirus\quicksysscan.avp" /GUIMODE=9 /EXITMODE=3 /JOBNAME="scan_after_installation" /SCHEDULED /STARTSELF
"C:\Program Files (x86)\Avira\Antivirus\avscan.exe" /CFG="c:\program files (x86)\avira\antivirus\quicksysscan.avp" /GUIMODE=9 /EXITMODE=3 /JOBNAME="scan_after_installation" /SCHEDULED
"C:\Users\Martin\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07 193136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07 193136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Opera Browser Assistant"=C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2020-11-25 3154456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira SystrayStartTrigger]
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2020-11-20 705728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSkysoft Helper Compact.exe]
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2016-10-08 2138272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-07-28 767176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TIDAL]
C:\Users\Martin\AppData\Local\TIDAL\update.exe [2019-09-03 1835360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vivaldi Update Notifier]
D:\zde\html\vivaldi\Application\update_notifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPNConnect]
C:\Program Files (x86)\ZPN Connect\ZpnCli.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2020-11-20 705728]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2020-12-31 14:52:52 ----D---- C:\rsit
2020-12-31 14:52:52 ----D---- C:\Program Files\trend micro
2020-12-31 14:49:39 ----D---- C:\Program Files\WinPcap
2020-12-31 14:49:28 ----A---- C:\Windows\system32\drivers\avusbflt.sys
2020-12-31 14:49:28 ----A---- C:\Windows\system32\drivers\avnetflt.sys
2020-12-31 14:49:28 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2020-12-31 14:49:27 ----A---- C:\Windows\system32\drivers\avipbb.sys
2020-12-31 14:49:27 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2020-12-31 14:49:26 ----A---- C:\Windows\system32\drivers\avdevprot.sys
2020-12-31 14:45:30 ----D---- C:\Program Files (x86)\Avira
2020-12-31 14:45:28 ----D---- C:\ProgramData\Avira
2020-12-31 14:42:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2020-12-31 14:42:21 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2020-12-31 12:43:03 ----D---- C:\Program Files\CCleaner
2020-12-31 12:29:37 ----A---- C:\Windows\system32\drivers\mwac.sys
2020-12-31 12:29:26 ----A---- C:\Windows\system32\drivers\MbamChameleon.sys
2020-12-31 12:29:25 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2020-12-31 12:18:10 ----D---- C:\ProgramData\Malwarebytes
2020-12-14 17:28:21 ----D---- C:\Users\Martin\AppData\Roaming\VBox
======List of files/folders modified in the last 1 month======
2020-12-31 14:52:55 ----D---- C:\Windows\temp
2020-12-31 14:52:52 ----RD---- C:\Program Files
2020-12-31 14:51:28 ----D---- C:\Windows\system32\Tasks
2020-12-31 14:50:12 ----D---- C:\Windows\system32\catroot
2020-12-31 14:50:06 ----D---- C:\Windows\System32
2020-12-31 14:50:06 ----D---- C:\Windows\inf
2020-12-31 14:50:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-12-31 14:50:03 ----SHD---- C:\Windows\Installer
2020-12-31 14:50:02 ----D---- C:\Config.Msi
2020-12-31 14:49:39 ----D---- C:\Windows\SysWOW64
2020-12-31 14:49:39 ----D---- C:\Windows\system32\drivers
2020-12-31 14:47:55 ----D---- C:\Windows\Microsoft.NET
2020-12-31 14:46:08 ----RSD---- C:\Windows\Fonts
2020-12-31 14:45:30 ----RD---- C:\Program Files (x86)
2020-12-31 14:45:28 ----D---- C:\ProgramData
2020-12-31 14:45:18 ----D---- C:\ProgramData\Package Cache
2020-12-31 14:44:31 ----D---- C:\Windows\AppPatch
2020-12-31 14:43:10 ----D---- C:\Windows\system32\config
2020-12-31 14:42:21 ----D---- C:\Windows\winsxs
2020-12-31 14:42:15 ----SHD---- C:\System Volume Information
2020-12-31 14:39:10 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2020-12-31 12:51:41 ----D---- C:\Windows
2020-12-31 12:44:43 ----D---- C:\Windows\Minidump
2020-12-31 12:39:26 ----D---- C:\Windows\system32\catroot2
2020-12-31 12:28:26 ----D---- C:\Windows\SYSWOW64\drivers
2020-12-27 10:50:03 ----D---- C:\Windows\Tasks
2020-12-27 10:50:03 ----D---- C:\Windows\system32\Macromed
2020-12-27 10:49:22 ----D---- C:\Windows\SYSWOW64\Macromed
2020-12-22 13:16:44 ----A---- C:\Windows\WORDPAD.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 avdevprot;avdevprot; C:\Windows\system32\DRIVERS\avdevprot.sys [2019-06-07 68152]
R0 avdevprot;avdevprot; C:\Windows\system32\DRIVERS\avdevprot.sys [2019-06-07 68152]
R0 avusbflt;avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [2019-03-20 35376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-04-22 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2020-04-30 178720]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2019-03-20 36072]
R1 BAPIDRV;BAPIDRV; C:\Windows\system32\DRIVERS\BAPIDRV64.sys [2017-12-03 197240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-04-22 60416]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2020-11-12 222200]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2019-03-20 78600]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2019-03-20 78600]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2020-12-31 220160]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2018-12-19 36600]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-07-29 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-07-29 665088]
R3 asmthub3;ASMedia USB3.1 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2016-04-20 150272]
R3 asmtxhci;ASMedia XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2016-04-20 451320]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 Neo_VPN;VPN Client Device Driver - VPN; C:\Windows\system32\DRIVERS\Neo_0121.sys [2016-09-18 38432]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2017-12-21 1077696]
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2016-06-28 42064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-04-22 18432]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-04-22 95232]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2020-12-31 248968]
S3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [2020-12-31 127088]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2019-01-23 7947096]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2015-08-10 38656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2020-09-24 483432]
R2 AviraOptimizerHost;Avira Optimizer Host; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2020-06-03 2988544]
R2 AviraPhantomVPN;Avira Phantom VPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [2020-12-01 384360]
R2 AviraSecurity;Avira Security; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [2020-12-31 244888]
R2 AviraSecurity;Avira Security; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [2020-12-31 244888]
R2 AviraUpdaterService;Avira Updater Service; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [2020-12-16 161072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2016-11-28 42096]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2020-10-15 573960]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07 153752]
S2 MBAMInstallerService;Malwarebytes Installer Service; C:\Users\Martin\AppData\Local\Temp\MBAMInstallerService.exe [2020-12-31 6716872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07 153752]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-11-07 194032]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2020-12-31 14:52:52
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 14 GB (12%) free of 110 GB
Total RAM: 8154 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:52:55, on 31. 12. 2020
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files\trend micro\Martin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Optimizer Host (AviraOptimizerHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
O23 - Service: Avira Phantom VPN (AviraPhantomVPN) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
O23 - Service: Avira Security (AviraSecurity) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
O23 - Service: Avira Updater Service (AviraUpdaterService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
O23 - Service: Avira Security (AviraSecurity) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Installer Service (MBAMInstallerService) - Malwarebytes - C:\Users\Martin\AppData\Local\Temp\MBAMInstallerService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 5954 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalService
"C:\Windows\SysWOW64\svchost.exe" -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\DbxSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskeng.exe {542F24EA-E1C9-4916-8EA4-310BDD6BA238}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost /makeSystrayVisible
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe"
C:\Windows\System32\svchost.exe -k rpcss
\??\C:\Windows\system32\conhost.exe "-90319504617260392641346838240-14727329362080474825-6368162091679423610-960155872
"C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe"
"C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe"
C:\Windows\SysWOW64\svchost.exe -k rpcss
C:\Windows\system32\wbem\wmiprvse.exe
rundll32.exe "C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962_core.dll",runDll
taskeng.exe {5259BFCC-E5A4-433B-A458-DB02473BEE28}
"C:\Program Files (x86)\Avira\Home Guard\Avira.HomeGuard.Service.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe"
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_0000157c
"C:\Program Files (x86)\Avira\Antivirus\avscan.exe" /CFG="c:\program files (x86)\avira\antivirus\quicksysscan.avp" /GUIMODE=9 /EXITMODE=3 /JOBNAME="scan_after_installation" /SCHEDULED /STARTSELF
"C:\Program Files (x86)\Avira\Antivirus\avscan.exe" /CFG="c:\program files (x86)\avira\antivirus\quicksysscan.avp" /GUIMODE=9 /EXITMODE=3 /JOBNAME="scan_after_installation" /SCHEDULED
"C:\Users\Martin\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07 193136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07 193136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Opera Browser Assistant"=C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2020-11-25 3154456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira SystrayStartTrigger]
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2020-11-20 705728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSkysoft Helper Compact.exe]
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2016-10-08 2138272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-07-28 767176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TIDAL]
C:\Users\Martin\AppData\Local\TIDAL\update.exe [2019-09-03 1835360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vivaldi Update Notifier]
D:\zde\html\vivaldi\Application\update_notifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPNConnect]
C:\Program Files (x86)\ZPN Connect\ZpnCli.exe []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2020-11-20 705728]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2020-12-31 14:52:52 ----D---- C:\rsit
2020-12-31 14:52:52 ----D---- C:\Program Files\trend micro
2020-12-31 14:49:39 ----D---- C:\Program Files\WinPcap
2020-12-31 14:49:28 ----A---- C:\Windows\system32\drivers\avusbflt.sys
2020-12-31 14:49:28 ----A---- C:\Windows\system32\drivers\avnetflt.sys
2020-12-31 14:49:28 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2020-12-31 14:49:27 ----A---- C:\Windows\system32\drivers\avipbb.sys
2020-12-31 14:49:27 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2020-12-31 14:49:26 ----A---- C:\Windows\system32\drivers\avdevprot.sys
2020-12-31 14:45:30 ----D---- C:\Program Files (x86)\Avira
2020-12-31 14:45:28 ----D---- C:\ProgramData\Avira
2020-12-31 14:42:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2020-12-31 14:42:21 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2020-12-31 12:43:03 ----D---- C:\Program Files\CCleaner
2020-12-31 12:29:37 ----A---- C:\Windows\system32\drivers\mwac.sys
2020-12-31 12:29:26 ----A---- C:\Windows\system32\drivers\MbamChameleon.sys
2020-12-31 12:29:25 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2020-12-31 12:18:10 ----D---- C:\ProgramData\Malwarebytes
2020-12-14 17:28:21 ----D---- C:\Users\Martin\AppData\Roaming\VBox
======List of files/folders modified in the last 1 month======
2020-12-31 14:52:55 ----D---- C:\Windows\temp
2020-12-31 14:52:52 ----RD---- C:\Program Files
2020-12-31 14:51:28 ----D---- C:\Windows\system32\Tasks
2020-12-31 14:50:12 ----D---- C:\Windows\system32\catroot
2020-12-31 14:50:06 ----D---- C:\Windows\System32
2020-12-31 14:50:06 ----D---- C:\Windows\inf
2020-12-31 14:50:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-12-31 14:50:03 ----SHD---- C:\Windows\Installer
2020-12-31 14:50:02 ----D---- C:\Config.Msi
2020-12-31 14:49:39 ----D---- C:\Windows\SysWOW64
2020-12-31 14:49:39 ----D---- C:\Windows\system32\drivers
2020-12-31 14:47:55 ----D---- C:\Windows\Microsoft.NET
2020-12-31 14:46:08 ----RSD---- C:\Windows\Fonts
2020-12-31 14:45:30 ----RD---- C:\Program Files (x86)
2020-12-31 14:45:28 ----D---- C:\ProgramData
2020-12-31 14:45:18 ----D---- C:\ProgramData\Package Cache
2020-12-31 14:44:31 ----D---- C:\Windows\AppPatch
2020-12-31 14:43:10 ----D---- C:\Windows\system32\config
2020-12-31 14:42:21 ----D---- C:\Windows\winsxs
2020-12-31 14:42:15 ----SHD---- C:\System Volume Information
2020-12-31 14:39:10 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2020-12-31 12:51:41 ----D---- C:\Windows
2020-12-31 12:44:43 ----D---- C:\Windows\Minidump
2020-12-31 12:39:26 ----D---- C:\Windows\system32\catroot2
2020-12-31 12:28:26 ----D---- C:\Windows\SYSWOW64\drivers
2020-12-27 10:50:03 ----D---- C:\Windows\Tasks
2020-12-27 10:50:03 ----D---- C:\Windows\system32\Macromed
2020-12-27 10:49:22 ----D---- C:\Windows\SYSWOW64\Macromed
2020-12-22 13:16:44 ----A---- C:\Windows\WORDPAD.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 avdevprot;avdevprot; C:\Windows\system32\DRIVERS\avdevprot.sys [2019-06-07 68152]
R0 avdevprot;avdevprot; C:\Windows\system32\DRIVERS\avdevprot.sys [2019-06-07 68152]
R0 avusbflt;avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [2019-03-20 35376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-04-22 213888]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2020-04-30 178720]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2019-03-20 36072]
R1 BAPIDRV;BAPIDRV; C:\Windows\system32\DRIVERS\BAPIDRV64.sys [2017-12-03 197240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-04-22 60416]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2020-11-12 222200]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2019-03-20 78600]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2019-03-20 78600]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2020-12-31 220160]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2018-12-19 36600]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-07-29 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-07-29 665088]
R3 asmthub3;ASMedia USB3.1 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2016-04-20 150272]
R3 asmtxhci;ASMedia XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2016-04-20 451320]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 Neo_VPN;VPN Client Device Driver - VPN; C:\Windows\system32\DRIVERS\Neo_0121.sys [2016-09-18 38432]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2017-12-21 1077696]
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2016-06-28 42064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-04-22 18432]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-04-22 95232]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2020-12-31 248968]
S3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [2020-12-31 127088]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2019-01-23 7947096]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2015-08-10 38656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2020-09-24 483432]
R2 AviraOptimizerHost;Avira Optimizer Host; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2020-06-03 2988544]
R2 AviraPhantomVPN;Avira Phantom VPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [2020-12-01 384360]
R2 AviraSecurity;Avira Security; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [2020-12-31 244888]
R2 AviraSecurity;Avira Security; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [2020-12-31 244888]
R2 AviraUpdaterService;Avira Updater Service; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [2020-12-16 161072]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2016-11-28 42096]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2020-10-15 573960]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07 153752]
S2 MBAMInstallerService;Malwarebytes Installer Service; C:\Users\Martin\AppData\Local\Temp\MBAMInstallerService.exe [2020-12-31 6716872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07 153752]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-11-07 194032]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
