Games freezing after installing AVG 2013
Posted: 20 Jan 2013 14:48
Hello, after installing AVG Internet Security 2013, games either won't start, or the computer freezes while playing, both online and offline.
Previously I had Avast, then I installed AVG 2013; it found five viruses, and after that I used ComboFix.
My guess was that the graphics card drivers were causing it, but dxdiag ruled that out.
It also seems to me that the ping to the internet is slower, page loading I mean.
For more, see the LOG; please advise what to do about it, thanks.
ComboFix 13-01-17.04 - jpk 19.01.2013 17:04:34.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1279.720 [GMT 1:00]
Spuštěný z: E:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jpk\WINDOWS
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\DEBUG.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\Oleaut32.1
c:\windows\system32\oobe\msoobe.err
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\TZLog.log
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-19 do 2013-01-19 )))))))))))))))))))))))))))))))
.
.
2013-01-19 15:54 . 2013-01-19 15:54 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Oblíbené položky
2013-01-18 19:30 . 2013-01-18 19:30 -------- d-----w- c:\documents and settings\jpk\Data aplikací\AVG2013
2013-01-18 19:30 . 2013-01-18 19:30 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\AVG2013
2013-01-18 19:29 . 2013-01-18 19:29 -------- d-----w- c:\documents and settings\jpk\Data aplikací\TuneUp Software
2013-01-18 19:26 . 2013-01-18 19:30 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\AVG2013
2013-01-18 19:26 . 2013-01-18 19:26 -------- d-----w- C:\$AVG
2013-01-18 19:25 . 2013-01-18 19:25 -------- d-----w- c:\program files\AVG
2013-01-18 19:22 . 2013-01-18 19:22 -------- d--h--w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Common Files
2013-01-18 19:22 . 2013-01-19 15:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\MFAData
2013-01-18 19:22 . 2013-01-18 19:41 -------- d-----w- c:\documents and settings\jpk\Local Settings\Data aplikací\Avg2013
2013-01-18 19:22 . 2013-01-18 19:22 -------- d-----w- c:\documents and settings\jpk\Local Settings\Data aplikací\MFAData
2013-01-18 18:51 . 2013-01-18 19:16 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Kaspersky Lab
2013-01-18 18:27 . 2013-01-18 18:27 227424 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\1358533384.bdinstall.bin
2013-01-18 11:40 . 2013-01-18 11:40 -------- d-----w- c:\documents and settings\jpk\Local Settings\Data aplikací\PCHealth
2013-01-18 09:38 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2013-01-18 09:38 . 2004-05-18 19:16 39936 ----a-w- c:\windows\system32\huffyuv.dll
2013-01-18 09:38 . 2012-07-01 23:15 4102656 ----a-w- c:\windows\system32\x264vfw.dll
2013-01-18 09:38 . 2011-12-07 18:32 216064 ----a-w- c:\windows\system32\lagarith.dll
2013-01-18 09:38 . 2011-06-24 15:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2013-01-18 09:38 . 2011-06-24 15:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2013-01-18 09:38 . 2011-12-21 18:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2013-01-18 09:37 . 2012-12-24 18:00 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2013-01-17 15:04 . 2013-01-17 15:04 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Bitdefender
2013-01-17 10:01 . 2013-01-17 10:01 735311 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\1358414556.bdinstall.bin
2013-01-17 09:50 . 2013-01-17 12:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\BDLogging
2013-01-17 09:48 . 2007-04-11 09:11 511328 ----a-w- c:\windows\capicom.dll
2013-01-17 09:47 . 2009-07-14 21:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-01-17 09:31 . 2013-01-17 09:31 -------- d-----w- c:\documents and settings\jpk\Data aplikací\QuickScan
2013-01-17 08:56 . 2013-01-18 18:25 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-01-15 21:56 . 2013-01-16 10:41 -------- d-----w- c:\program files\SCi
2013-01-15 21:56 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2013-01-15 20:41 . 2013-01-15 20:41 -------- d-----w- c:\documents and settings\jpk\Local Settings\Data aplikací\URSE Games
2013-01-15 19:24 . 2013-01-15 19:24 -------- d-----w- c:\documents and settings\jpk\Data aplikací\Enki Games
2013-01-15 17:32 . 2013-01-15 17:34 -------- d-----w- c:\program files\Unlock Codes Calculator (by Crux)
2013-01-15 15:46 . 2013-01-15 15:46 -------- d-----w- c:\documents and settings\jpk\Data aplikací\Alawar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-19 15:30 . 2011-12-20 16:06 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-01-19 15:30 . 2011-12-20 16:05 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-01-16 18:51 . 2011-12-20 16:27 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-12-16 12:31 . 2010-01-14 14:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-02 15:02 . 2011-12-20 16:05 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-11-15 22:33 . 2012-11-15 22:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-13 11:56 . 2010-01-14 15:02 1875456 ----a-w- c:\windows\system32\win32k.sys
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
2012-11-06 02:00 . 2010-01-14 15:01 1446912 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:03 . 2008-04-14 11:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 22:54 . 2012-09-07 18:02 139152 ----a-w- c:\documents and settings\jpk\Data aplikací\PnkBstrK.sys
2012-11-01 22:53 . 2012-09-07 18:02 794408 ----a-w- c:\windows\system32\pbsvc.exe
2012-11-01 12:11 . 2010-01-14 15:02 920064 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:11 . 2010-01-14 15:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:11 . 2010-01-14 15:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-31 23:39 . 2010-01-14 15:00 385024 ----a-w- c:\windows\system32\html.iec
2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2011-09-29 07:07 . 2011-11-08 15:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^GamePark klient 2.lnk]
backup=c:\windows\pss\GamePark klient 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jpk^Nabídka Start^Programy^Po spuštění^Facebook Messenger.lnk]
backup=c:\windows\pss\Facebook Messenger.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CmPCIaudio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cpqek
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Navigator Installer 5.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InkMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smart File Advisor
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-21 22:13 136176 ----atw- c:\documents and settings\jpk\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 15:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=3 (0x3)
"wscsvc"=2 (0x2)
"Schedule"=2 (0x2)
"helpsvc"=3 (0x3)
"CiSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"EPSON_PM_RPCV4_01"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\CesarFTP\\Server.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\hry\\NFS Underground\\Speed.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15.10.2012 3:48 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14.9.2012 3:05 35552]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22.10.2012 13:02 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2.10.2012 3:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.9.2012 3:46 164832]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [25.10.2012 12:20 1026432]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14.1.2010 16:04 9472]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [10.12.2012 11:11 1342024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [3.11.2012 0:45 30312]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12.1.2012 19:52 30944]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [19.5.2012 0:17 20032]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [23.5.2012 10:30 112640]
S3 fdrawcmd;Low-level Floppy Driver; [x]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [28.8.2012 16:34 12400]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [23.5.2012 10:48 100480]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [3.11.2012 0:45 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [3.11.2012 0:45 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [3.11.2012 0:45 136680]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [3.11.2012 0:45 114152]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - PNKBSTRB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.0.1:80
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Notify-RailNotification - (no file)
MSConfigStartUp-EPSON Stylus DX4400 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-19 17:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2013-01-19 17:21:07
ComboFix-quarantined-files.txt 2013-01-19 16:20
.
Před spuštěním: Volných bajtů: 55 648 030 720
Po spuštění: Volných bajtů: 56 016 084 992
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0E477C0DACBAD63F054E16611C730B3A