Prosím o kontrolu logu
Napsal: 01 led 2021 11:43
Dobrý deň,
nainštaloval som AVAST. Našiel mi 15 malware hrozieb.Dal ich do truhly, ale pre istotu dávam blog.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2021-01-01 11:39:10
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 13 GB (12%) free of 110 GB
Total RAM: 8154 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:13, on 1. 1. 2021
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\trend micro\Martin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\Avast Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Avast Software\Avast\AvastSvc.exe
O23 - Service: Avast Tools (avast! Tools) - AVAST Software - C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Installer Service (MBAMInstallerService) - Malwarebytes - C:\Users\Martin\AppData\Local\Temp\MBAMInstallerService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 5002 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalService
"C:\Windows\SysWOW64\svchost.exe" -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc
"C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\DbxSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Avast Software\Avast\aswEngSrv.exe" /pipename="5AFFEA64-4AC2-6D1C-1464-0B786DA71B2E" /binpath="C:\Program Files\Avast Software\Avast"
taskeng.exe {74F96FFE-4FFA-42A0-84AE-178EE85E36D3}
taskeng.exe {3C9E48C3-A580-4494-AA24-878719A8F0C5}
AvastUI.exe /nogui
"C:\Program Files\Avast Software\Avast\aswidsagent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=7528,13869290426255864975,8107361609883580877,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.10.2442)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=MAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=7540 /prefetch:2
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=7528,13869290426255864975,8107361609883580877,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=network --no-sandbox --force-wave-audio --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.10.2442)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=7824 /prefetch:8
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k rpcss
\??\C:\Windows\system32\conhost.exe "3747646022066073532-1312558576-2046404893-148800528218126969421696105046-1958911983
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=7528,13869290426255864975,8107361609883580877,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=audio --no-sandbox --force-wave-audio --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.10.2442)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=8656 /prefetch:8
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe
rundll32.exe "C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962_core.dll",runDll
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
"C:\Users\Martin\Downloads\RSITx64 (1).exe"
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07 193136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07 193136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\Avast Software\Avast\AvLaunch.exe [2021-01-01 117352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Opera Browser Assistant"=C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2020-11-25 3154456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira SystrayStartTrigger]
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSkysoft Helper Compact.exe]
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2016-10-08 2138272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-07-28 767176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TIDAL]
C:\Users\Martin\AppData\Local\TIDAL\update.exe [2019-09-03 1835360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vivaldi Update Notifier]
D:\zde\html\vivaldi\Application\update_notifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPNConnect]
C:\Program Files (x86)\ZPN Connect\ZpnCli.exe []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2021-01-01 11:39:10 ----D---- C:\rsit
2021-01-01 11:30:32 ----D---- C:\Users\Martin\AppData\Roaming\Avast Software
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswStm.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswSP.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswNetNd6.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswNetHub.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswbuniv.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswbidsh.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswbidsdriver.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswArPot.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswArDisk.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\aswBoot.exe
2021-01-01 11:29:15 ----D---- C:\Program Files\Common Files\Avast Software
2021-01-01 11:28:13 ----D---- C:\Program Files\Avast Software
2020-12-31 15:11:50 ----D---- C:\Program Files (x86)\GUM6C78.tmp
2020-12-31 15:11:50 ----A---- C:\Program Files (x86)\GUT6C89.tmp
2020-12-31 15:09:38 ----A---- C:\Windows\system32\drivers\staport.sys
2020-12-31 15:08:05 ----D---- C:\ProgramData\Avast Software
2020-12-31 14:52:52 ----D---- C:\Program Files\trend micro
2020-12-31 14:49:39 ----D---- C:\Program Files\WinPcap
2020-12-31 14:45:28 ----D---- C:\ProgramData\Avira
2020-12-31 14:42:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2020-12-31 14:42:21 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2020-12-31 12:29:37 ----A---- C:\Windows\system32\drivers\mwac.sys
2020-12-31 12:29:26 ----A---- C:\Windows\system32\drivers\MbamChameleon.sys
2020-12-31 12:29:25 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2020-12-31 12:18:10 ----D---- C:\ProgramData\Malwarebytes
2020-12-14 17:28:21 ----D---- C:\Users\Martin\AppData\Roaming\VBox
======List of files/folders modified in the last 1 month======
2021-01-01 11:39:11 ----D---- C:\Windows\temp
2021-01-01 11:33:31 ----D---- C:\Windows\AppPatch
2021-01-01 11:33:25 ----D---- C:\Windows\system32\drivers
2021-01-01 11:29:33 ----D---- C:\Windows\system32\Tasks
2021-01-01 11:29:30 ----D---- C:\Windows\inf
2021-01-01 11:29:29 ----D---- C:\Windows\system32\DriverStore
2021-01-01 11:29:29 ----D---- C:\Windows\system32\catroot
2021-01-01 11:29:18 ----D---- C:\Windows\System32
2021-01-01 11:29:15 ----D---- C:\Program Files\Common Files
2021-01-01 11:28:13 ----D---- C:\Program Files
2021-01-01 11:05:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-12-31 15:55:43 ----SHD---- C:\Windows\Installer
2020-12-31 15:55:43 ----D---- C:\Config.Msi
2020-12-31 15:39:47 ----RD---- C:\Program Files (x86)
2020-12-31 15:27:47 ----D---- C:\Program Files (x86)\Adobe
2020-12-31 15:26:34 ----D---- C:\Windows\SysWOW64
2020-12-31 15:26:27 ----SHD---- C:\System Volume Information
2020-12-31 15:13:42 ----D---- C:\ProgramData
2020-12-31 15:11:50 ----D---- C:\Program Files (x86)\Google
2020-12-31 15:06:05 ----D---- C:\ProgramData\Package Cache
2020-12-31 14:47:55 ----D---- C:\Windows\Microsoft.NET
2020-12-31 14:46:08 ----RSD---- C:\Windows\Fonts
2020-12-31 14:43:10 ----D---- C:\Windows\system32\config
2020-12-31 14:42:21 ----D---- C:\Windows\winsxs
2020-12-31 14:39:10 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2020-12-31 12:51:41 ----D---- C:\Windows
2020-12-31 12:44:43 ----D---- C:\Windows\Minidump
2020-12-31 12:39:26 ----D---- C:\Windows\system32\catroot2
2020-12-31 12:28:26 ----D---- C:\Windows\SYSWOW64\drivers
2020-12-27 10:50:03 ----D---- C:\Windows\Tasks
2020-12-27 10:50:03 ----D---- C:\Windows\system32\Macromed
2020-12-27 10:49:22 ----D---- C:\Windows\SYSWOW64\Macromed
2020-12-22 13:16:44 ----A---- C:\Windows\WORDPAD.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2021-01-01 36792]
R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2021-01-01 36792]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2021-01-01 247888]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2021-01-01 97360]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2021-01-01 97360]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2021-01-01 84496]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2021-01-01 326064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-04-22 213888]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2021-01-01 208672]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2021-01-01 42424]
R1 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2021-01-01 176384]
R1 aswNetHub;aswNetHub; C:\Windows\system32\drivers\aswNetHub.sys [2021-01-01 522480]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2021-01-01 108928]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2021-01-01 851256]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2021-01-01 469472]
R1 BAPIDRV;BAPIDRV; C:\Windows\system32\DRIVERS\BAPIDRV64.sys [2017-12-03 197240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-04-22 60416]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2021-01-01 216984]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2020-12-31 220160]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-07-29 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-07-29 665088]
R3 asmthub3;ASMedia USB3.1 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2016-04-20 150272]
R3 asmtxhci;ASMedia XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2016-04-20 451320]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2021-01-01 38152]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 Neo_VPN;VPN Client Device Driver - VPN; C:\Windows\system32\DRIVERS\Neo_0121.sys [2016-09-18 38432]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2017-12-21 1077696]
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2016-06-28 42064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-04-22 18432]
S1 staport;staport; C:\Windows\system32\drivers\staport.sys [2021-01-01 44568]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-04-22 95232]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2020-12-31 248968]
S3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [2020-12-31 127088]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2019-01-23 7947096]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2015-08-10 38656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [2021-01-01 621728]
R2 avast! Tools;Avast Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [2021-01-01 351848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2016-11-28 42096]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [2021-01-01 8477080]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07 153752]
S2 MBAMInstallerService;Malwarebytes Installer Service; C:\Users\Martin\AppData\Local\Temp\MBAMInstallerService.exe [2020-12-31 6716872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07 153752]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-11-07 194032]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
-----------------EOF-----------------
nainštaloval som AVAST. Našiel mi 15 malware hrozieb.Dal ich do truhly, ale pre istotu dávam blog.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Martin at 2021-01-01 11:39:10
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 13 GB (12%) free of 110 GB
Total RAM: 8154 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:13, on 1. 1. 2021
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\trend micro\Martin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\Avast Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Avast Software\Avast\AvastSvc.exe
O23 - Service: Avast Tools (avast! Tools) - AVAST Software - C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Installer Service (MBAMInstallerService) - Malwarebytes - C:\Users\Martin\AppData\Local\Temp\MBAMInstallerService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 5002 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
atieclxx
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\SysWOW64\svchost.exe" -k LocalService
"C:\Windows\SysWOW64\svchost.exe" -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\Avast Software\Avast\AvastSvc.exe" /runassvc
"C:\Program Files\Avast Software\Avast\aswToolsSvc.exe" /runassvc
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\system32\DbxSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Avast Software\Avast\aswEngSrv.exe" /pipename="5AFFEA64-4AC2-6D1C-1464-0B786DA71B2E" /binpath="C:\Program Files\Avast Software\Avast"
taskeng.exe {74F96FFE-4FFA-42A0-84AE-178EE85E36D3}
taskeng.exe {3C9E48C3-A580-4494-AA24-878719A8F0C5}
AvastUI.exe /nogui
"C:\Program Files\Avast Software\Avast\aswidsagent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=gpu-process --field-trial-handle=7528,13869290426255864975,8107361609883580877,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --no-sandbox --disable-gpu-driver-bug-workarounds --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.10.2442)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --gpu-preferences=MAAAAAAAAADgAABwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=7540 /prefetch:2
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=7528,13869290426255864975,8107361609883580877,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=network --no-sandbox --force-wave-audio --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.10.2442)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=7824 /prefetch:8
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k rpcss
\??\C:\Windows\system32\conhost.exe "3747646022066073532-1312558576-2046404893-148800528218126969421696105046-1958911983
"C:\Program Files\Avast Software\Avast\AvastUI.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=7528,13869290426255864975,8107361609883580877,131072 --enable-features=CastMediaRouteProvider --disable-features=OutOfBlinkCors --lang=en-US --service-sandbox-type=audio --no-sandbox --force-wave-audio --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --log-severity=error --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.3.3626.1895 Safari/537.36 Avastium (20.10.2442)" --lang=en-US --proxy-auto-detect --disable-webaudio --force-wave-audio --disable-software-rasterizer --no-sandbox --blacklist-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-compositing --disable-accelerated-layers --disable-accelerated-video-decode --blacklist-webgl --disable-bundled-ppapi-flash --disable-flash-3d --enable-aggressive-domstorage-flushing --enable-media-stream --allow-file-access-from-files=1 --pack_loading_disabled=1 --log-file="C:\Users\Martin\AppData\Roaming\Avast Software\Avast\log\cef_log.txt" --mojo-platform-channel-handle=8656 /prefetch:8
wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe
rundll32.exe "C:\Users\Martin\AppData\Roaming\kclap5962\kclap5962_core.dll",runDll
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
"C:\Users\Martin\Downloads\RSITx64 (1).exe"
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07 193136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-11-07 255088]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-11-07 193136]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\Avast Software\Avast\AvLaunch.exe [2021-01-01 117352]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Opera Browser Assistant"=C:\Users\Martin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [2020-11-25 3154456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira SystrayStartTrigger]
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSkysoft Helper Compact.exe]
C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2016-10-08 2138272]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
C:\Users\Martin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [2015-07-28 767176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TIDAL]
C:\Users\Martin\AppData\Local\TIDAL\update.exe [2019-09-03 1835360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vivaldi Update Notifier]
D:\zde\html\vivaldi\Application\update_notifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPNConnect]
C:\Program Files (x86)\ZPN Connect\ZpnCli.exe []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2021-01-01 11:39:10 ----D---- C:\rsit
2021-01-01 11:30:32 ----D---- C:\Users\Martin\AppData\Roaming\Avast Software
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswStm.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswSP.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswNetNd6.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswNetHub.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswbuniv.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswbidsh.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswbidsdriver.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswArPot.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\drivers\aswArDisk.sys
2021-01-01 11:29:18 ----A---- C:\Windows\system32\aswBoot.exe
2021-01-01 11:29:15 ----D---- C:\Program Files\Common Files\Avast Software
2021-01-01 11:28:13 ----D---- C:\Program Files\Avast Software
2020-12-31 15:11:50 ----D---- C:\Program Files (x86)\GUM6C78.tmp
2020-12-31 15:11:50 ----A---- C:\Program Files (x86)\GUT6C89.tmp
2020-12-31 15:09:38 ----A---- C:\Windows\system32\drivers\staport.sys
2020-12-31 15:08:05 ----D---- C:\ProgramData\Avast Software
2020-12-31 14:52:52 ----D---- C:\Program Files\trend micro
2020-12-31 14:49:39 ----D---- C:\Program Files\WinPcap
2020-12-31 14:45:28 ----D---- C:\ProgramData\Avira
2020-12-31 14:42:21 ----A---- C:\Windows\SYSWOW64\D3DCompiler_47.dll
2020-12-31 14:42:21 ----A---- C:\Windows\system32\D3DCompiler_47.dll
2020-12-31 12:29:37 ----A---- C:\Windows\system32\drivers\mwac.sys
2020-12-31 12:29:26 ----A---- C:\Windows\system32\drivers\MbamChameleon.sys
2020-12-31 12:29:25 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2020-12-31 12:18:10 ----D---- C:\ProgramData\Malwarebytes
2020-12-14 17:28:21 ----D---- C:\Users\Martin\AppData\Roaming\VBox
======List of files/folders modified in the last 1 month======
2021-01-01 11:39:11 ----D---- C:\Windows\temp
2021-01-01 11:33:31 ----D---- C:\Windows\AppPatch
2021-01-01 11:33:25 ----D---- C:\Windows\system32\drivers
2021-01-01 11:29:33 ----D---- C:\Windows\system32\Tasks
2021-01-01 11:29:30 ----D---- C:\Windows\inf
2021-01-01 11:29:29 ----D---- C:\Windows\system32\DriverStore
2021-01-01 11:29:29 ----D---- C:\Windows\system32\catroot
2021-01-01 11:29:18 ----D---- C:\Windows\System32
2021-01-01 11:29:15 ----D---- C:\Program Files\Common Files
2021-01-01 11:28:13 ----D---- C:\Program Files
2021-01-01 11:05:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2020-12-31 15:55:43 ----SHD---- C:\Windows\Installer
2020-12-31 15:55:43 ----D---- C:\Config.Msi
2020-12-31 15:39:47 ----RD---- C:\Program Files (x86)
2020-12-31 15:27:47 ----D---- C:\Program Files (x86)\Adobe
2020-12-31 15:26:34 ----D---- C:\Windows\SysWOW64
2020-12-31 15:26:27 ----SHD---- C:\System Volume Information
2020-12-31 15:13:42 ----D---- C:\ProgramData
2020-12-31 15:11:50 ----D---- C:\Program Files (x86)\Google
2020-12-31 15:06:05 ----D---- C:\ProgramData\Package Cache
2020-12-31 14:47:55 ----D---- C:\Windows\Microsoft.NET
2020-12-31 14:46:08 ----RSD---- C:\Windows\Fonts
2020-12-31 14:43:10 ----D---- C:\Windows\system32\config
2020-12-31 14:42:21 ----D---- C:\Windows\winsxs
2020-12-31 14:39:10 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2020-12-31 12:51:41 ----D---- C:\Windows
2020-12-31 12:44:43 ----D---- C:\Windows\Minidump
2020-12-31 12:39:26 ----D---- C:\Windows\system32\catroot2
2020-12-31 12:28:26 ----D---- C:\Windows\SYSWOW64\drivers
2020-12-27 10:50:03 ----D---- C:\Windows\Tasks
2020-12-27 10:50:03 ----D---- C:\Windows\system32\Macromed
2020-12-27 10:49:22 ----D---- C:\Windows\SYSWOW64\Macromed
2020-12-22 13:16:44 ----A---- C:\Windows\WORDPAD.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2021-01-01 36792]
R0 aswArDisk;aswArDisk; C:\Windows\system32\drivers\aswArDisk.sys [2021-01-01 36792]
R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidsh.sys [2021-01-01 247888]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2021-01-01 97360]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbuniv.sys [2021-01-01 97360]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2021-01-01 84496]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2021-01-01 326064]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2012-04-22 213888]
R1 aswArPot;aswArPot; C:\Windows\system32\drivers\aswArPot.sys [2021-01-01 208672]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2021-01-01 42424]
R1 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2021-01-01 176384]
R1 aswNetHub;aswNetHub; C:\Windows\system32\drivers\aswNetHub.sys [2021-01-01 522480]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2021-01-01 108928]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2021-01-01 851256]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2021-01-01 469472]
R1 BAPIDRV;BAPIDRV; C:\Windows\system32\DRIVERS\BAPIDRV64.sys [2017-12-03 197240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-04-22 60416]
R2 AODDriver4.3;AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [2014-02-11 59616]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2021-01-01 216984]
R2 MBAMChameleon;MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [2020-12-31 220160]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-07-29 21622784]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-07-29 665088]
R3 asmthub3;ASMedia USB3.1 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2016-04-20 150272]
R3 asmtxhci;ASMedia XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2016-04-20 451320]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2021-01-01 38152]
R3 athur;Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-10-03 33240]
R3 Neo_VPN;VPN Client Device Driver - VPN; C:\Windows\system32\DRIVERS\Neo_0121.sys [2016-09-18 38432]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2017-12-21 1077696]
R3 taphss6;Anchorfree HSS VPN Adapter; C:\Windows\system32\DRIVERS\taphss6.sys [2016-06-28 42064]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-04-22 18432]
S1 staport;staport; C:\Windows\system32\drivers\staport.sys [2021-01-01 44568]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2012-04-22 95232]
S3 MBAMSwissArmy;MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [2020-12-31 248968]
S3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [2020-12-31 127088]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys [2019-01-23 7947096]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 tap0901;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2016-04-21 27136]
S3 tap-tb-0901;TunnelBear Adapter V9; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [2015-08-10 38656]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [2021-01-01 621728]
R2 avast! Tools;Avast Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [2021-01-01 351848]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2019-03-28 132792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2019-03-28 158912]
R2 DbxSvc;DbxSvc; C:\Windows\system32\DbxSvc.exe [2016-11-28 42096]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [2021-01-01 8477080]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07 153752]
S2 MBAMInstallerService;Malwarebytes Installer Service; C:\Users\Martin\AppData\Local\Temp\MBAMInstallerService.exe [2020-12-31 6716872]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07 153752]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2016-11-07 194032]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2019-03-28 54912]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2019-03-28 136256]
-----------------EOF-----------------
Ake hrozby nasiel Avast?