Log pre Motji:)

[Y0G1]

ComboFix 11-09-16.01 - Martin 17.09.2011 11:48:24.23.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.691 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Martin\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Martin\Local Settings\Application Data\ApplicationHistory\SL404.tmp.1f46e2af.ini
c:\documents and settings\Martin\Local Settings\Application Data\ApplicationHistory\TurbineInvoker.exe.8a83e4ed.ini
c:\documents and settings\Martin\Local Settings\Application Data\ApplicationHistory\TurbineLauncher.exe.b4beadd5.ini
c:\documents and settings\Martin\Local Settings\Application Data\ApplicationHistory\TurbineLauncher.exe.b4beadd5.ini.inuse
C:\Install.exe
c:\program files\messenger\msmsgsin.exe
c:\windows\system32\mfc100deu.dll
c:\windows\system32\nvdispco3220140.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))))
.
.
2011-09-16 15:09 . 2011-09-16 19:01 -------- d-----w- c:\program files\DotAlicious Gaming Client
2011-09-16 14:49 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-16 14:49 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-16 14:49 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-16 14:49 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-16 14:49 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-16 14:49 . 2011-09-06 20:36 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-16 14:49 . 2011-09-06 20:36 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-16 14:49 . 2011-09-06 20:33 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-16 14:48 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-16 14:48 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-16 14:48 . 2011-09-16 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-16 13:52 . 2011-09-16 13:52 -------- d-----w- C:\rsit
2011-09-16 13:52 . 2011-09-16 13:52 -------- d-----w- c:\program files\trend micro
2011-09-16 13:43 . 2011-09-16 13:43 -------- d-----w- c:\program files\FileHippo.com
2011-09-16 10:35 . 2011-09-16 10:35 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2011-09-16 07:39 . 2011-09-16 07:39 -------- d-----w- c:\documents and settings\Martin\Application Data\ESET
2011-09-16 07:37 . 2011-09-16 07:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2011-09-13 22:25 . 2011-09-14 07:13 -------- d-----w- c:\documents and settings\Martin\Application Data\ScanSpyware
2011-09-12 11:58 . 2011-09-12 12:46 -------- d-----w- c:\documents and settings\Martin\Application Data\uTorrent
2011-09-09 13:42 . 2011-09-09 13:42 -------- d-----w- c:\documents and settings\UpdatusUser
2011-09-09 08:06 . 2011-09-13 14:31 -------- d-----w- c:\documents and settings\Martin\Application Data\GameRanger
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-16 13:45 . 2011-05-25 14:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-16 13:45 . 2011-06-15 08:14 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-16 13:45 . 2011-06-15 08:14 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-16 18:53 . 2011-08-16 18:53 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-08-06 12:44 . 2011-08-06 12:44 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-06 12:44 . 2011-08-06 12:44 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-03 11:49 . 2011-01-07 17:56 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2011-01-07 17:56 600680 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-08-03 11:49 . 2011-01-07 17:56 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2011-01-07 17:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2011-01-07 17:56 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2010-11-15 17:24 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-08-03 11:49 . 2010-11-15 17:24 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-08-03 11:49 . 2010-11-15 17:24 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2010-11-15 17:24 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-08-03 11:49 . 2010-11-15 17:24 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2010-11-15 17:24 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2010-11-15 17:24 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2010-11-15 17:24 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2010-11-15 17:24 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2010-11-15 17:24 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2010-11-15 17:24 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\programy\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"avast"="c:\programy\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Martin\Start Menu\Programs\Startup\
DotaToolKit.lnk - c:\documents and settings\Martin\Desktop\DotaToolKit.exe [2011-5-30 891078]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:49 13892200 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-07-05 08:08 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-16 17:59 1242448 ----a-w- c:\programy\Steam\Steam.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
"c:\\HRY\\Warcraft III\\war3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\DotAlicious Gaming Client\\client.exe"=
"c:\\Programy\\Steam\\Steam.exe"=
"c:\\Programy\\Garena Classic\\Garena.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15.6.2011 22:06 26624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.9.2011 16:49 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.9.2011 16:49 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.9.2011 16:49 20568]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [9.9.2011 15:42 2255464]
S3 cpuz130;cpuz130;\??\c:\docume~1\Martin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Martin\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena Classic\safedrv.sys --> c:\programy\Garena Classic\safedrv.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1214440339-725345543-1003Core.job
- c:\documents and settings\Martin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-16 14:59]
.
2011-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1214440339-725345543-1003UA.job
- c:\documents and settings\Martin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-16 14:59]
.
.
------- Supplementary Scan -------
.
uSearchAssistant =
TCP: DhcpNameServer = 195.12.128.1 195.72.0.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-17 11:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-09-17 12:02:35
ComboFix-quarantined-files.txt 2011-09-17 10:02
.
Pre-Run: 67 611 410 432 bytes free
Post-Run: 67 641 683 968 bytes free
.
- - End Of File - - 02CCF8522F6CDFE440E160B3B63FCD57

[motji]

Zdravím
Použijte ještě ten druhý program, hlavně ale připojte všechny flešky, pamětové karty a podobně.. a pak proskenujte pc AVPtoolem. Pak se uvidí

[Y0G1]

no flasku mam jenom 1 a usb port mi funguje bohuzel uz jenom jeden ten co mam na mys ten je zapojenej porad takze to je asi tak vse jj jdu nato

[Y0G1]

Ok Loading BitDefender Engines
State 0
Sleeping 3 seconds...
Found so far : 0x0 files/regs
Searching for Downadup file ....
- System folder
- Temporary folder
- Program Files
- Application Data
Found so far : 0x0 files/regs
No Traces of Downadup Worm were found
Ok Loading BitDefender Engines
State 0
Sleeping 3 seconds...
Found so far : 0x0 files/regs
Searching for Downadup file ....
- System folder
- Temporary folder
- Program Files
- Application Data
Found so far : 0x0 files/regs
No Traces of Downadup Worm were found





Status: Deleted (events: 1)
17.9.2011 13:39:01 Deleted Trojan program Trojan.Win32.Agent.fqdi C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\45QYULLS\avly[1].bmp High


avp nasel jen tohle

[motji]

Fajn, jak to ted vypadá s počítačem?

[Y0G1]

praveze celej den nic se nestalo ja nevim jestli to je zase v poradku ja sem z toho jelen

[motji]

A antivir něco hlásí?

[Y0G1]

vubec ono kdyz ten conficker hlasila avira tak mi to udelalo malej zasek oken a pak kdyz sem klikl na ikonku v rohu listy kde je obrazek zvuku tak mi nesel pustit a ve hre cez bsplayer winapm mi nesiel zvuk takze jedine len restart a vcera a dneska to zatim neudelalo tak sem z toho jelen

[motji]

Dobře, tak pc ted pozorujte, jakmile tam vir zase bude, ozvěte se.

[Y0G1]

rozumim a vykonam

[Y0G1]

asi pred 20minutama sem dostal modrou smrt neco vaznyho?

[motji]

Mrkněte se prosím po složce minidump, pokud v ní něco je, někam mi to upněte

[Y0G1]

a kde ji najdu ?:)))))))


http://www.ulozto.sk/10321798/mini091911-01-dmp


jinak ten conficker sa vratil zase a zase mi ho avast nasiel teraz bol inde a dal som ho ulozit do trezoru

[motji]

C/windows/minidump

[Y0G1]

uz sem to tu hodil snad dobre viz upraveny prispevek