
Slow PC - suspected malware
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Re: Slow PC - suspected malware
I tried it several times and even let it run for several tens of minutes, but the PC always froze, it never produced any log, and I had to hard-restart it... I apologize for replying only now...
Re: Slow PC - suspected malware
Try running it in Safe Mode (restart the PC, keep pressing F8 and choose Safe Mode with Networking)
Re: Slow PC - suspected malware
ComboFix 12-08-22.03 - Dominika . 08. 2012 19:16:35.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.3581.3136 [GMT 2:00]
Running from: c:\users\Dominika\Desktop\ComboFix.exe
Command switches used :: c:\users\Dominika\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 17:22 . 2012-08-23 17:24 -------- d-----w- c:\users\Dominika\AppData\Local\temp
2012-08-23 17:22 . 2012-08-23 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 09:01 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F833383-0431-4F7C-A3DD-846821BA5F64}\mpengine.dll
2012-08-19 06:50 . 2012-08-19 06:50 -------- d-----w- c:\users\Dominika\AppData\Local\ESET
2012-08-18 15:58 . 2012-08-18 15:58 -------- d-----w- c:\users\Dominika\AppData\Roaming\Malwarebytes
2012-08-18 15:58 . 2012-08-18 15:58 -------- d-----w- c:\programdata\Malwarebytes
2012-08-18 15:58 . 2012-08-18 15:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-18 15:58 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-18 12:05 . 2012-08-18 12:05 -------- d-----w- C:\rsit
2012-08-18 12:05 . 2012-08-18 12:05 -------- d-----w- c:\program files\trend micro
2012-08-16 21:42 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-05 07:20 . 2012-08-05 07:20 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-04 11:29 . 2012-08-04 11:29 -------- d-----w- C:\Impressions Games
2012-08-03 20:19 . 2012-08-03 20:19 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-03 20:19 . 2012-08-03 20:34 -------- d-----w- c:\users\Dominika\AppData\Roaming\DAEMON Tools Lite
2012-08-03 20:19 . 2012-08-03 20:19 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-08-03 20:18 . 2012-08-03 20:22 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-08-03 18:35 . 2012-08-03 18:35 -------- d-----w- c:\users\Dominika\AppData\Local\AVG Secure Search
2012-08-03 18:35 . 2012-08-07 20:17 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-03 18:35 . 2012-08-03 18:35 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-03 18:34 . 2012-08-03 18:35 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-03 18:34 . 2012-08-03 18:35 -------- d-----w- c:\program files\AVG Secure Search
2012-08-03 18:34 . 2012-08-03 18:34 -------- d--h--w- c:\programdata\Common Files
2012-08-02 11:56 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-08-02 11:56 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-02 11:56 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-02 11:55 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-02 11:54 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-02 11:54 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-02 11:54 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-02 11:54 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-02 11:54 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 07:20 . 2010-07-29 20:01 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-22 07:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 07:59 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 07:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 07:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 07:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 07:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 07:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 07:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 07:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-08-02 11:54 278528 ----a-w- c:\windows\system32\schannel.dll
2012-05-31 10:25 . 2009-11-09 00:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-21 19:04 . 2012-01-21 19:04 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-03 18:34 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-08-03 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-08-26 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-03 1147488]
.
c:\users\Dominika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 158.195.6.3 158.195.4.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Dominika\AppData\Roaming\Mozilla\Firefox\Profiles\3iu3f2po.default\
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-23 19:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\TeamViewer3\TeamViewer_Host.exe
c:\program files\Toshiba TEMPRO\TempoSVC.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-08-23 19:28:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 17:28
ComboFix2.txt 2012-08-19 07:02
.
Pre-Run: 49 849 606 144 bytes free
Post-Run: 45 953 617 920 bytes free
.
- - End Of File - - 53439636CB99202C927B782D0ACE7CD9
Re: Slow PC - suspected malware
How is our patient behaving?

Re: Slow PC - suspected malware
doing just fine...
there are no problems so far
thank you very much for the help


Re: Slow PC - suspected malware
Now let's tidy up

Uninstall Combofix
- Rename ComboFix to Uninstall
- Run it
- This deletes Combofix and its folders

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm each choice, press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (or turn the antivirus off while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Scan for Issues
- then Fix Issues - I recommend making a registry backup; fix all the issues
- repeat the procedure until no problems are left - usually about 3 times
- Here you can uninstall programs you do not need

And if there are no problems or questions, that is all from my side


Re: Slow PC - suspected malware
everything done and the patient is cured... thanks go to the doctor

Re: Slow PC - suspected malware
You're welcome, glad to help
