VIRY.CZ

Zdravím, mohl bych poprosit kontrolu logu ?

Logfile of random's system information tool 1.10 (written by random/random)
Run by Shark_a at 2018-10-10 11:58:47
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 230 GB (48%) free of 477 GB
Total RAM: 2766 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:59, on 10.10.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Shark_a\Downloads\RSIT.exe
C:\Program Files\trend micro\Shark_a.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - Unknown owner - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (file missing)
O23 - Service: Služba %1!s! Update (avastm) (avastm) - Unknown owner - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 3843 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-04-05 143384]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-04-05 176664]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-04-05 178200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-04-05 288768]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-10-10 11:58:47 ----D---- C:\rsit
2018-10-10 11:58:47 ----D---- C:\Program Files\trend micro
2018-09-12 11:28:33 ----A---- C:\Windows\system32\drivers\viac7.sys
2018-09-12 11:28:33 ----A---- C:\Windows\system32\drivers\processr.sys
2018-09-12 11:28:33 ----A---- C:\Windows\system32\drivers\intelppm.sys
2018-09-12 11:28:33 ----A---- C:\Windows\system32\drivers\amdppm.sys
2018-09-12 11:28:33 ----A---- C:\Windows\system32\drivers\amdk8.sys

======List of files/folders modified in the last 1 month======

2018-10-10 11:58:58 ----D---- C:\Windows\Prefetch
2018-10-10 11:58:48 ----D---- C:\Windows\Temp
2018-10-10 11:58:47 ----RD---- C:\Program Files
2018-10-10 11:46:43 ----SHD---- C:\Config.Msi
2018-10-10 11:46:42 ----D---- C:\Windows\system32\Tasks
2018-10-10 11:46:41 ----SHD---- C:\Windows\Installer
2018-10-10 11:38:12 ----D---- C:\Windows\System32
2018-10-10 11:38:12 ----D---- C:\Windows\inf
2018-10-10 11:38:12 ----A---- C:\Windows\system32\PerfStringBackup.TMP
2018-10-10 11:13:17 ----D---- C:\Windows\system32\config
2018-10-10 04:42:09 ----D---- C:\Windows\system32\catroot2
2018-10-10 04:40:59 ----D---- C:\Windows\winsxs
2018-10-04 20:33:46 ----SHD---- C:\System Volume Information
2018-09-29 10:44:00 ----D---- C:\Windows\system32\NDF
2018-09-29 08:08:42 ----D---- C:\Windows\system32\drivers
2018-09-29 08:05:11 ----D---- C:\Windows\system32\en-US
2018-09-29 08:05:11 ----D---- C:\Windows\system32\cs-CZ
2018-09-29 08:02:15 ----D---- C:\Program Files\Internet Explorer
2018-09-29 07:58:24 ----SD---- C:\Windows\system32\CompatTel
2018-09-29 07:58:17 ----D---- C:\Windows\AppPatch
2018-09-29 07:56:26 ----D---- C:\Windows\system32\wfp
2018-09-29 07:56:26 ----D---- C:\Windows\system32\DriverStore
2018-09-29 07:56:26 ----D---- C:\Windows
2018-09-29 07:56:16 ----RD---- C:\Program Files\Skype
2018-09-29 07:56:13 ----D---- C:\Program Files\Malwarebytes
2018-09-29 07:56:12 ----D---- C:\Program Files\Common Files\Skype
2018-09-29 07:56:12 ----D---- C:\Program Files\Common Files
2018-09-29 07:56:12 ----D---- C:\Program Files\Codec Pack - All In 1
2018-09-29 07:56:12 ----D---- C:\Program Files\Broadcom
2018-09-29 07:56:00 ----D---- C:\Windows\registration
2018-09-29 07:55:51 ----D---- C:\Windows\system32\wbem
2018-09-29 07:55:48 ----D---- C:\Windows\PolicyDefinitions
2018-09-29 07:54:25 ----SD---- C:\ProgramData\Microsoft
2018-09-29 07:54:21 ----D---- C:\Program Files\DVD Maker
2018-09-29 07:54:20 ----D---- C:\Program Files\Common Files\microsoft shared
2018-09-29 06:41:35 ----D---- C:\Program Files\Windows Media Player
2018-09-29 06:40:53 ----D---- C:\Windows\system32\inetsrv
2018-09-29 06:40:48 ----D---- C:\Windows\system32\LogFiles
2018-09-28 23:12:31 ----SD---- C:\Users\Shark_a\AppData\Roaming\Microsoft
2018-09-28 22:56:25 ----HD---- C:\ProgramData
2018-09-28 22:42:25 ----D---- C:\ProgramData\AVAST Software
2018-09-15 05:04:09 ----D---- C:\Windows\rescache
2018-09-14 22:28:08 ----D---- C:\Windows\Microsoft.NET
2018-09-14 21:09:31 ----D---- C:\Windows\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2018-01-01 173288]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2015-10-26 4269120]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-04-05 10542080]
R3 MEI;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECI.sys [2010-10-20 41088]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit; \??\C:\Windows\system32\drivers\mbae.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2018-02-10 52928]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2016-09-05 109184]
S3 MBAMFarflt;MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys []
S3 MBAMProtection;MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys []
S3 MBAMWebProtection;MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-08-29 254568]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2018-02-10 51904]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2018-02-10 52928]
S3 ViaC7;Ovladač procesoru VIA C7; C:\Windows\system32\drivers\viac7.sys [2018-08-10 53248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 wdm_usb;wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [2016-03-10 119952]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 IconMan_R;IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-29 1795176]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-03-21 83984]
S2 avast;Služba %1!s! Update (avast); C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2018-03-26 107592]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-26 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-07-18 317408]
S3 avastm;Služba %1!s! Update (avastm); C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-26 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2018-07-19 104960]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2018-03-26 47200]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2018-03-26 136288]

-----------------EOF-----------------

Zdravím!
Spusťte tuto utilitu:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

Ahoj, děkuju za odpověď.
Mám ale prosbu, nejde mi ani tak o odvirování, jakožto o nalezení "důkazu" že je notebook napadaný nějakým malwerem.
Kamarádce někdo pronikl do emailů, sociálních sítí a dlouhodobě ji sledoval. Potřeboval bych zjistit zda k tomu došlo přes tento notebook, nebo jestli je notas nějakým způsobem taky napadaný. Vzhledem k tomu že na něm běží Win7 bych se ani nedivil.

Předem díky za Vás čas.

Nic jiného ani nesleduji. Log jsem zběžně prohlédl a nalezl tam minimálně několik zbytečností. Malware žádný, může být ale skenu FRST skryt. Pokud odmítáte provést sken ADW, mohu říci, že podle skenu FRST je log čistý.