VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Podozrenie na vírus - prosím o kontrolu logu combofix

https://forum.viry.cz:443/viewtopic.php?t=137973

Stránka 1 z 1

Podozrenie na vírus - prosím o kontrolu logu combofix

Napsal: 13 kvě 2014 14:06
od onlinetip
Mám podozrenie na vírus. Prosím o prekontrolovanie logu, či je tomu naozaj tak. Ďakujem.

ComboFix 14-05-13.01 - Pato . 05. 2014 14:53:36.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4079.2305 [GMT 2:00]
Running from: c:\users\Pato\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Images
.
.
((((((((((((((((((((((((( Files Created from 2014-04-13 to 2014-05-13 )))))))))))))))))))))))))))))))
.
.
2014-05-13 12:58 . 2014-05-13 12:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-13 12:58 . 2014-05-13 12:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-13 12:58 . 2014-05-13 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-13 08:30 . 2014-05-13 08:32 -------- d-----w- c:\users\Pato\AppData\Roaming\Notepad++
2014-05-13 08:30 . 2014-05-13 08:30 -------- d-----w- c:\program files (x86)\Notepad++
2014-05-12 20:24 . 2014-04-16 01:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ACB1FD65-7579-4BA8-82AB-4F44B3CCAE23}\mpengine.dll
2014-05-08 18:41 . 2014-05-02 18:54 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6FDD4C4B-2C0C-4ECD-A349-ECC3924A6D8E}\gapaengine.dll
2014-05-08 18:40 . 2014-04-16 01:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-06 09:20 . 2014-05-06 09:21 -------- d-----w- C:\public_html
2014-05-02 19:45 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll
2014-05-02 19:45 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-02 19:45 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-04-30 13:24 . 2014-04-30 17:00 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-04-28 21:52 . 2014-04-28 21:52 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-28 21:52 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll
2014-04-28 21:52 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-19 08:08 . 2014-05-02 18:54 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-18 19:46 . 2014-04-18 19:46 -------- d-----w- c:\users\Pato\AppData\Roaming\RoboForm
2014-04-18 19:45 . 2014-04-18 19:45 -------- d-----w- c:\programdata\RoboForm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 12:07 . 2013-12-01 21:50 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 12:07 . 2013-12-01 21:50 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-08 18:26 . 2013-12-01 22:29 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-28 11:05 . 2014-03-28 11:04 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-27 12:45 . 2014-04-11 11:14 891168 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-27 12:45 . 2014-04-11 11:14 864600 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-27 12:45 . 2014-04-11 11:14 859592 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-27 12:45 . 2014-04-11 11:14 836544 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-27 12:45 . 2014-04-11 11:14 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-27 12:45 . 2014-04-11 11:14 3139928 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-27 12:45 . 2014-04-11 11:14 31270856 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-27 12:45 . 2014-04-11 11:14 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-27 12:45 . 2014-04-11 11:14 2785056 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-27 12:45 . 2014-04-11 11:14 25257416 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-27 12:45 . 2014-04-11 11:14 2413344 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-27 12:45 . 2014-04-11 11:14 23785416 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-27 12:45 . 2014-04-11 11:14 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-27 12:45 . 2014-04-11 11:14 2949976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-27 12:45 . 2014-04-11 11:14 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-27 12:45 . 2014-04-11 11:14 9734744 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-27 12:45 . 2014-04-11 11:14 9697128 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-27 12:45 . 2014-04-11 11:14 894752 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-27 12:45 . 2014-04-11 11:14 1890080 ----a-w- c:\windows\system32\nvdispco6433750.dll
2014-03-27 12:45 . 2014-04-11 11:14 17467048 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-27 12:45 . 2014-04-11 11:14 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-27 12:45 . 2014-04-11 11:14 1539416 ----a-w- c:\windows\system32\nvdispgenco6433750.dll
2014-03-27 12:45 . 2014-04-11 11:14 13158232 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-27 12:45 . 2014-04-11 11:14 11644392 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-27 12:45 . 2014-04-11 11:14 11598560 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-27 12:45 . 2014-03-28 12:40 14422856 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-27 12:45 . 2014-01-30 20:47 15964736 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-27 12:45 . 2014-01-30 20:46 2728160 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-27 12:45 . 2013-12-01 21:38 3106688 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-27 12:45 . 2013-10-28 12:22 18493952 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-27 12:45 . 2013-10-28 12:22 952440 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-27 02:11 . 2010-11-09 10:17 6768584 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-27 02:11 . 2010-11-09 10:17 3512664 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-27 02:11 . 2010-11-09 10:17 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-27 02:11 . 2010-11-09 10:17 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-03-27 02:11 . 2010-11-09 10:17 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-27 02:11 . 2010-11-09 10:17 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-26 21:40 . 2014-04-11 11:23 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-24 10:31 . 2013-12-01 22:25 3683457 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-11 07:52 . 2013-09-27 07:53 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 04:43 . 2014-04-08 09:11 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7C9C3DC-A171-4911-914D-8B1AFF67F80C}\mpengine.dll
2014-03-06 09:31 . 2014-04-09 11:35 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-09 11:35 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-09 11:36 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-09 11:35 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-09 11:35 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-09 11:35 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-09 11:35 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-09 11:36 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-09 11:35 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-09 11:35 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-09 11:35 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-09 11:35 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-09 11:35 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-09 11:35 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-09 11:35 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-09 11:35 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-09 11:36 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-09 11:35 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-09 11:35 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-09 11:35 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-09 11:35 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-09 11:35 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-09 11:35 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-09 11:35 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-09 11:35 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-09 11:35 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-09 11:35 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-09 11:35 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-09 11:35 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-09 11:35 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-09 11:35 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-09 11:35 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-09 11:35 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 14:35 . 2014-03-28 12:40 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-28 12:40 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 09:44 . 2014-04-08 18:25 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-08 18:25 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-08 18:25 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-08 18:25 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-08 18:25 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-08 18:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-08 18:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-08 18:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-08 18:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-08 18:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-08 18:25 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\Pato\AppData\Roaming\ICQM\icq.exe" [2014-04-15 33664344]
"GoogleChromeAutoLaunch_87E41254153B327458463FB130EADC96"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-24 841032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 FintekCIR;Fintek eHome Transceiver;c:\windows\system32\DRIVERS\FintekCIR.sys;c:\windows\SYSNATIVE\DRIVERS\FintekCIR.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-26 21:41 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-01 12:07]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 22:03]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 22:03]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1674835727-3794671844-3224762100-1000Core.job
- c:\users\Pato\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-14 12:23]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1674835727-3794671844-3224762100-1000UA.job
- c:\users\Pato\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-14 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
TCP: Interfaces\{309AEE3F-2CE8-4B3C-B39F-AA5F04616AB0}: DhcpNameServer = 195.146.132.58 195.146.128.62
FF - ProfilePath - c:\users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\5n3h5utt.default\
FF - prefs.js: browser.startup.homepage - hxxp://onlinetip.sk/|http://mail.zoznam.sk/|http://vykecajsa ... /login.php
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - ExtSQL: !HIDDEN! 2013-12-03 01:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
Completion time: 2014-05-13 14:59:40
ComboFix-quarantined-files.txt 2014-05-13 12:59
.
Pre-Run: 944 757 673 984 bytes free
Post-Run: 944 588 800 000 bytes free
.
- - End Of File - - 64149707D0528EEA9D4041C972E09D58
A36C5E4F47E84449FF07ED3517B43A31

Re: Podozrenie na vírus - prosím o kontrolu logu combofix

Napsal: 13 kvě 2014 17:54
od Rudy
Zdravím!
Proč spouštíte ComboFix, utilitu určenou pouze profesinálům, bez doporučení rádce? Hodláte si poškodit systém, nebo některou aplikaci? Je vidět, že jste nečetl pravidla fóra.

Otevřte poznámkový blok s zkopírujte do něj:
KillAll::

File:
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1674835727-3794671844-3224762100-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1674835727-3794671844-3224762100-1000UA.job

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Re: Podozrenie na vírus - prosím o kontrolu logu combofix

Napsal: 14 kvě 2014 16:17
od onlinetip
Dobrý deň.

Combofix som stiahnul priamo z linku ktorý ste mi odporúčal už v minulosti. Nechcel som tu znova napísať, že mám podozrenie na vírus a rovno som spravil log combofix. Ak som mal postupovať inak, ospravedlňujem sa. Nižšie posielam ďalší log, podľa návodu, ktorý ste mi poslal. Ďakujem za Vašu odpoveď.

"Citace:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware."



ComboFix 14-05-13.01 - Pato . 05. 2014 16:48:30.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4079.1983 [GMT 2:00]
Running from: c:\users\Pato\Desktop\ComboFix.exe
Command switches used :: c:\users\Pato\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-04-14 to 2014-05-14 )))))))))))))))))))))))))))))))
.
.
2014-05-14 14:52 . 2014-05-14 14:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-14 14:52 . 2014-05-14 14:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-14 14:52 . 2014-05-14 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-14 14:44 . 2014-04-16 01:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F09142AB-CCD4-470C-9261-06A660590D3B}\mpengine.dll
2014-05-14 11:13 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-14 11:13 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-14 11:13 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-14 11:13 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-13 13:25 . 2014-05-02 18:54 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{217FE2CF-FC0D-4CE2-8430-BA964375463D}\gapaengine.dll
2014-05-13 13:25 . 2014-04-16 01:22 10651704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-13 08:30 . 2014-05-13 08:32 -------- d-----w- c:\users\Pato\AppData\Roaming\Notepad++
2014-05-13 08:30 . 2014-05-13 08:30 -------- d-----w- c:\program files (x86)\Notepad++
2014-05-06 09:20 . 2014-05-06 09:21 -------- d-----w- C:\public_html
2014-04-30 13:24 . 2014-04-30 17:00 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-04-28 21:52 . 2014-05-14 11:20 -------- d-s---w- c:\windows\system32\CompatTel
2014-04-19 08:08 . 2014-05-02 18:54 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-18 19:46 . 2014-04-18 19:46 -------- d-----w- c:\users\Pato\AppData\Roaming\RoboForm
2014-04-18 19:45 . 2014-04-18 19:45 -------- d-----w- c:\programdata\RoboForm
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 11:12 . 2013-12-01 22:29 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 07:06 . 2013-12-01 21:50 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:06 . 2013-12-01 21:50 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-28 11:05 . 2014-03-28 11:04 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-27 12:45 . 2014-04-11 11:14 891168 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-27 12:45 . 2014-04-11 11:14 864600 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-27 12:45 . 2014-04-11 11:14 859592 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-27 12:45 . 2014-04-11 11:14 836544 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-27 12:45 . 2014-04-11 11:14 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-27 12:45 . 2014-04-11 11:14 3139928 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-27 12:45 . 2014-04-11 11:14 31270856 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-27 12:45 . 2014-04-11 11:14 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-27 12:45 . 2014-04-11 11:14 2785056 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-27 12:45 . 2014-04-11 11:14 25257416 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-27 12:45 . 2014-04-11 11:14 2413344 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-27 12:45 . 2014-04-11 11:14 23785416 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-27 12:45 . 2014-04-11 11:14 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-27 12:45 . 2014-04-11 11:14 2949976 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-27 12:45 . 2014-04-11 11:14 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-27 12:45 . 2014-04-11 11:14 9734744 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-27 12:45 . 2014-04-11 11:14 9697128 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-27 12:45 . 2014-04-11 11:14 894752 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-27 12:45 . 2014-04-11 11:14 1890080 ----a-w- c:\windows\system32\nvdispco6433750.dll
2014-03-27 12:45 . 2014-04-11 11:14 17467048 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-27 12:45 . 2014-04-11 11:14 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-27 12:45 . 2014-04-11 11:14 1539416 ----a-w- c:\windows\system32\nvdispgenco6433750.dll
2014-03-27 12:45 . 2014-04-11 11:14 13158232 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-27 12:45 . 2014-04-11 11:14 11644392 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-27 12:45 . 2014-04-11 11:14 11598560 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-27 12:45 . 2014-03-28 12:40 14422856 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-27 12:45 . 2014-01-30 20:47 15964736 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-27 12:45 . 2014-01-30 20:46 2728160 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-27 12:45 . 2013-12-01 21:38 3106688 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-27 12:45 . 2013-10-28 12:22 18493952 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-27 12:45 . 2013-10-28 12:22 952440 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-27 02:11 . 2010-11-09 10:17 6768584 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-27 02:11 . 2010-11-09 10:17 3512664 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-27 02:11 . 2010-11-09 10:17 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-27 02:11 . 2010-11-09 10:17 63776 ----a-w- c:\windows\system32\nvshext.dll
2014-03-27 02:11 . 2010-11-09 10:17 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-27 02:11 . 2010-11-09 10:17 2558808 ----a-w- c:\windows\system32\nvsvcr.dll
2014-03-26 21:40 . 2014-04-11 11:23 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-24 10:31 . 2013-12-01 22:25 3683457 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-11 07:52 . 2013-09-27 07:53 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 04:43 . 2014-04-08 09:11 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7C9C3DC-A171-4911-914D-8B1AFF67F80C}\mpengine.dll
2014-03-06 09:31 . 2014-04-09 11:35 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-09 11:35 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-09 11:36 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-09 11:35 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-09 11:35 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-09 11:35 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-09 11:35 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-09 11:36 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-09 11:35 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-09 11:35 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-09 11:35 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-09 11:35 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-09 11:35 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-09 11:35 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-09 11:35 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-09 11:35 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-09 11:36 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-09 11:35 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-09 11:35 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-09 11:35 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-09 11:35 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-09 11:35 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-09 11:35 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-09 11:35 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-09 11:35 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-09 11:35 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-09 11:35 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-09 11:35 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-09 11:35 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-09 11:35 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-09 11:35 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-09 11:35 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-09 11:35 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 14:35 . 2014-03-28 12:40 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-28 12:40 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 09:44 . 2014-04-08 18:25 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-08 18:25 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-08 18:25 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-05-14 10:23 340992 ----a-w- c:\windows\system32\schannel.dll
2014-03-04 09:44 . 2014-04-08 18:25 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-08 18:25 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-05-14 10:23 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-03-04 09:17 . 2014-04-08 18:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-08 18:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-08 18:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-08 18:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-08 18:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-08 18:25 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"icq"="c:\users\Pato\AppData\Roaming\ICQM\icq.exe" [2014-04-15 33664344]
"GoogleChromeAutoLaunch_87E41254153B327458463FB130EADC96"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-04-24 841032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 FintekCIR;Fintek eHome Transceiver;c:\windows\system32\DRIVERS\FintekCIR.sys;c:\windows\SYSNATIVE\DRIVERS\FintekCIR.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-26 21:41 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-01 07:06]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 22:03]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 22:03]
.
2014-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1674835727-3794671844-3224762100-1000Core.job
- c:\users\Pato\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-14 12:23]
.
2014-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1674835727-3794671844-3224762100-1000UA.job
- c:\users\Pato\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-14 12:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
TCP: Interfaces\{309AEE3F-2CE8-4B3C-B39F-AA5F04616AB0}: DhcpNameServer = 195.146.132.58 195.146.128.62
FF - ProfilePath - c:\users\Pato\AppData\Roaming\Mozilla\Firefox\Profiles\5n3h5utt.default\
FF - prefs.js: browser.startup.homepage - hxxp://onlinetip.sk/|http://mail.zoznam.sk/|http://vykecajsa ... /login.php
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - ExtSQL: !HIDDEN! 2013-12-03 01:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-14 16:56:40 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-14 14:56
.
Pre-Run: 943 759 572 992 bytes free
Post-Run: 943 410 987 008 bytes free
.
- - End Of File - - 5C8B8E24327BB6FB6EDA3022F93A6C8D
A36C5E4F47E84449FF07ED3517B43A31

Re: Podozrenie na vírus - prosím o kontrolu logu combofix

Napsal: 14 kvě 2014 17:03
od Rudy
To, že jsem vám doporučil CF při nějaké předchozí kontrole ještě neznamená, že tomu tak musí být vždy. Navíc to bylo určitě po předchozí kontrole RSIT, nebo FRST. Ani já sám si nedovolím na cizím servisovaném PC spouštět CF, bez předchozí kontroly všeho, co na něm běží. Jen na tomto fóru už jsem viděl několik PC s poškozeným systém po laickém použití CF. Zde: http://forum.viry.cz/viewtopic.php?f=12&t=5601 (bod3) to máte napsáno zcela jasně.

CF smazal, co měl, log je již OK.

Re: Podozrenie na vírus - prosím o kontrolu logu combofix

Napsal: 14 kvě 2014 17:09
od onlinetip
Rudy píše:To, že jsem vám doporučil CF při nějaké předchozí kontrole ještě neznamená, že tomu tak musí být vždy. Navíc to bylo určitě po předchozí kontrole RSIT, nebo FRST. Ani já sám si nedovolím na cizím servisovaném PC spouštět CF, bez předchozí kontroly všeho, co na něm běží. Jen na tomto fóru už jsem viděl několik PC s poškozeným systém po laickém použití CF. Zde: http://forum.viry.cz/viewtopic.php?f=12&t=5601 (bod3) to máte napsáno zcela jasně.

CF smazal, co měl, log je již OK.
Ok, nabudúce budem vedieť. Ďakujem za Vašu ochotu.

Re: Podozrenie na vírus - prosím o kontrolu logu combofix

Napsal: 14 kvě 2014 17:36
od Rudy
Nemáte zač! :)
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz