Restartovani Pc

[cernohous13]

co se tyce toho usb fixu ja se to docela bojim udelat

a to už prečo?
tady nedáváme návody na likvidaci systému

[motji]

Toho USB fixu se ale vůbec nebojte , jen odhalí infekci na fleškách.

Pokud jste tak neudělal, odinstalujte uTorrent. Smažte všechny cracky a keygeny, které máte v pc, i to může být zdroj infekce.

Dělali jsme už mbam a avptool? Co Ted máte za antivir a firewall? Uplně nejlepší by bylo, kdyby jste měl možnost psát z jiného pc a tohle odpojit od sítě při čištění. Ať vyloučíme možnost, že se to tahá zpět, než najdeme zdroj.

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC


Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde
-------------------------------------


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

Rootkit::
c:\windows\system32\oqhre.dll

Driver::
rwouvybhk

Netsvc::
rwouvybhk

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"=-

Folder::
c:\documents and settings\Martin\Desktop\Dota keys
C:\Documents and Settings\Martin\Desktop\CM
C:\Documents and Settings\Martin\My Documents\DotaToolKit files

Dirlook::
C:\WINDOWS\s16upd_id

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[Y0G1]

Toho USB fixu se ale vůbec nebojte , jen odhalí infekci na fleškách.

Pokud jste tak neudělal, odinstalujte uTorrent. Smažte všechny cracky a keygeny, které máte v pc, i to může být zdroj infekce.

Dělali jsme už mbam a avptool? Co Ted máte za antivir a firewall? Uplně nejlepší by bylo, kdyby jste měl možnost psát z jiného pc a tohle odpojit od sítě při čištění. Ať vyloučíme možnost, že se to tahá zpět, než najdeme zdroj.

odinstalujte všechny virtuální jednotky (Daemon nebo alcohol)

Stáhněte SPTD http://www.duplexsecure.com/en/downloads
-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC


Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe
- spustte,
- potvrdte disabled
-log vložte zde
-------------------------------------


Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

KillAll::

Rootkit::
c:\windows\system32\oqhre.dll

Driver::
rwouvybhk

Netsvc::
rwouvybhk

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"=-

Folder::
c:\documents and settings\Martin\Desktop\Dota keys
C:\Documents and Settings\Martin\Desktop\CM
C:\Documents and Settings\Martin\My Documents\DotaToolKit files

Dirlook::
C:\WINDOWS\s16upd_id

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

ten mbam sme nedelali demontools odisntalovany cracky nemam mam jenom 1 hru v pc keygey take nemam

firewall clasicky od windoswu antivirak nepouzivam neviem aky je dobry

ty dve veci co mam stahnout co to vlastne dela rad bych vedel abych se priucil

utorent nemam asi zbytkova aplikace to mazu hned jak nekdy neco taham ...

[motji]

Myslíte ten program na uninstall SPDT a defogger? To je na uplné odinstalování driveru pod Daemonu. Je možné, že je infikovaný a vrací nám tam tu bestii on.

Takže Stahněte si instalačku třeba Avastu a Zone alarmu, Jestli jste ještě nespouštěl ten fixdowndup, tak i ten. Pak pc odpojte od internetu, udělejte znovu combofix, pak Fixdowndup a pak nainstalujte Avast a Zone alarm. U Zone alarmu si pečlivě hlídejte, co pouštíte na net, když tak Vám pak pomůžu s nastavením.

A taky konečně spustte ten USBfix . Musíte to všechno udělat, ať víme, kde se ta bestie drží.

[Y0G1]

tady je ten deforger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:05 on 28/05/2011 (Martin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

co se tyce toho spt tak tam mam moznost jenom install tak sem to dal a restartnul pc nic jine mi nevyhodiklo ted jdu ten combo fix

[motji]

Tak ho spustte znovu a dejte uninstall

[Y0G1]

tady je log na ten killall

ComboFix 11-05-27.02 - Martin 28.05.2011 16:11:40.12.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.759 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Martin\Desktop\CM
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\_README.txt
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\DLL\_README.txt
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\DLL\TestDLL.dll
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\examples.ini
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\garena.ini
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\war3_24b.ini
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\war3_24c.ini
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\war3_24d.ini
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\war3_24e.ini
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\war3_25b.ini
c:\documents and settings\Martin\Desktop\CM\DATA\CustomFeatures\war3_26a.ini
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\AutoTunnel.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\callmh.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\CDExploit.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\drop.cfg
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\drop.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\ESPConfig.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\ggsys.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\GM.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\hooker.mixtape
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\int.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\NxHeroESP.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\NxHeroESPLoader.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\RegFixer.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\Settings.ini
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\Sid-Hax.exe
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\standard.ini
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\tempfix.zip
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\UpdateOffsets.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\WarKey.dll
c:\documents and settings\Martin\Desktop\CM\DATA\DLL\WKSet.ini
c:\documents and settings\Martin\Desktop\CM\DATA\helpus.gif
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\ddBot.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\ddTop.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\done.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\doubleDamage.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\enteredRoom.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\enterVoice.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\hasteBot.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\hasteTop.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\illusionBot.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\illusionTop.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\invBot.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\invTop.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\regenBot.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Sounds\regenTop.wav
c:\documents and settings\Martin\Desktop\CM\DATA\Version.ini
c:\documents and settings\Martin\Desktop\CM\GM.exe
c:\documents and settings\Martin\Desktop\CM\Registry Cleaner.bat
c:\documents and settings\Martin\Desktop\Dota keys
c:\documents and settings\Martin\Desktop\Dota keys\DotaToolKit.exe
c:\documents and settings\Martin\Desktop\Dota keys\DTKConfig.ini
c:\documents and settings\Martin\Desktop\Dota keys\DTKItemBuild.ini
c:\documents and settings\Martin\Desktop\Dota keys\DTKSkillBuild.ini
c:\documents and settings\Martin\My Documents\DotaToolKit files
c:\documents and settings\Martin\My Documents\DotaToolKit files\- None -.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Aghanim'sScepter.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\ArcaneBoots.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Assault.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Avatar.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BattleFury.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BladeMail.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Bloodstone.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Boots.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BootsOfTravel.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Bottle.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Bracers.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNAbomination.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNakama.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNArachnathidGreen.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNArthas.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNAssassin.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNAvatar.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNAvengingWatcher.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNBanshee.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNBansheeRanger.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNBeastMaster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNBlueDemoness.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNBlueMagnataur.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNCentaurKhan.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNClockWerkGoblin.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNDarkTrollShadowPriest.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNDestroyer.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNDoomGuard.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNDranaiMage.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNDruidOfTheClaw.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNDryad.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNEredarWarlockPurple.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNEvilIllidan.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNFacelessOne.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNFaerieDragon.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNFelGuardBlue.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNFlyingMachine.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNForestTroll.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNFurbolgTracker.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNFurion.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNGhostOfKelThuzad.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNGhoul.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNGnollWarden.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNGoblinSapper.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNGuldan.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeadHunterBerserker.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHellScream.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroAlchemist.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroArchMage.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroBloodElfPrince.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroCryptLord.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroDeathKnight.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroDemonHunter.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroFarseer.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroTaurenChieftain.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroTinker.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHeroWarden.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHuntress.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNHydralisk.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNChaosBlademaster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNChaosGrom.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNChaosWarlord.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNChimaera.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNIcyGhost.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNJaina.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNKeeperGhostBlue.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNKiljaedin.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNKoboldGeomancer.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNLichVersion2.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNLion.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNMedivh.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNMountainGiant.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNMurgulShadowCaster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNNagaMyrmidon.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNNagaSeaWitch.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNNerubianQueen.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNNetherDragon.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNOgreMagi.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNPandarenBrewmaster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNPhoenix1.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNPitLord.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNPriestessOfTheMoon.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNProudmoore.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNPugna.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNRazorback.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNRifleman.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSatyrTrickster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSeaElemental.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSeaGiantGreen.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSeaWitch.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNShade.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNShadowHunter.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNShaman.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSkeletonArcher.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSkeletonMage.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSorceress.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSpell_Shadow_SummonVoidWalker.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSpellBreaker.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSpiderBlack.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSpiritWalker.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSpiritWyvern.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNStorm.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNSylvanusWindrunner.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNTauren.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNTheCaptain.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNThrall.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNTichondrius.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNTreant.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNTrollBatRider.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNTuskarr.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNvengeanceincarnate.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNVoidWalker.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNWispHero.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNWitchDoctor.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\BTNZombie.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buckler.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buriza.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Butterfly.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\attack.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\bonus.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\cancel.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\DTK.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\hold.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\move.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\patrol.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\select.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\skill1.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\skill2.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\skill3.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\skill4.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\skill5.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\skill6.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\skills.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\stop.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Buttons\Thumbs.db
c:\documents and settings\Martin\My Documents\DotaToolKit files\Circlet.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Clarity.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\ClawsOfAttack.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\CraniumBasher.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Cristalys.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Crow.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\CustomKeys.tx
c:\documents and settings\Martin\My Documents\DotaToolKit files\CustomKeys.txt
c:\documents and settings\Martin\My Documents\DotaToolKit files\Cyclone.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Dagon.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\DemonEdge.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Desolator.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\DiffusalBlade.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\DiffusalLevel2.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\DivineRapier.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Dominator.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\EnergyBooster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\EtherealBlade.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\ForceStaff.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\GauntletsOfStrength.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\GGBranch.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\GhostScepter.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Guinsoo.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\HandOfMidas.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Headress.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\HelmOfIronWill.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Hood.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Hyperstone.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\ChainMail.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Chicken.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\JanggoOfEndurance.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Javelin.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\KelenDagger.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Linken.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Lothar.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Madness.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\MagicStick.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\MantaStyle.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\MantleOfIntelligence.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\MaskOfDeath.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Mealstorm.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\MedallionOfCourage.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Mekansm.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\MithrilHammer.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Mjollnir.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Monkey.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Mordiggan.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\MysticStaff.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Necronomicon.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\OblivionStaff.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\OgreAxe.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\OrbOfVenom.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Orchid.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Perseverance.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\PhaseBoots.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Pipe.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\PlateMail.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\PointBooster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\PoorManShield.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\PowerTreadsAgi.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\PowerTreadsInt.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\PowerTreadsStr.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\QuarterStaff.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\QuelingBlade.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Radiance.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Reaver.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Refresher.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\RingOfBasilius.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\RingOfHealth.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\RingOfProtection.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\RingofRegeneration.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\RobeOfTheMagi.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Roshan.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\SacredRelic.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Salve.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Sange.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\SangeAndYasha.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Satanic.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\SentryWard.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Shiva.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Skady.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\SlippersOfAgility.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\SmokeOfDeceit.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\SobiMask.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\SoulBooster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\SoulRing.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\StaffOfWizardry.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\StoutShield.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Talisman.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\TalismanOfEvasion.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Tango.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Tarrasque.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Thumbs.db
c:\documents and settings\Martin\My Documents\DotaToolKit files\TPScroll.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\UltimateOrb.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\UrnOfShadows.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Vanguard.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\VeilOfDiscord.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\VitallyBooster.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Vladimir.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\VoidStone.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Wand.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\WraithBand.jpg
c:\documents and settings\Martin\My Documents\DotaToolKit files\Yasha.jpg
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RWOUVYBHK
-------\Service_rwouvybhk
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-27 12:59 . 2011-05-27 20:23 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-27 12:59 . 2011-05-27 12:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-27 12:58 . 2011-05-27 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-25 14:22 . 2011-05-25 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-23 12:50 . 2004-05-17 06:00 33280 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2011-05-23 12:50 . 2004-05-17 05:49 198656 ----a-r- c:\windows\system32\fdco1.dll
2011-05-23 12:50 . 2004-05-10 00:53 32256 ----a-r- c:\windows\system32\nvconrm.dll
2011-05-23 12:50 . 2004-05-10 00:52 172032 ----a-w- c:\windows\system32\nvunrm.exe
2011-05-23 12:50 . 2004-05-17 06:00 12928 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2011-05-23 12:50 . 2004-05-17 06:00 56960 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2011-05-23 12:50 . 2004-05-17 06:00 191232 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2011-05-23 12:50 . 2004-05-17 05:48 8192 ----a-r- c:\windows\system32\bdco1.dll
2011-05-23 12:18 . 2011-05-23 12:18 -------- d-----w- c:\program files\AMD
2011-05-23 12:18 . 2005-03-09 12:53 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2011-05-23 12:08 . 2011-05-23 12:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-18 09:05 . 2011-05-04 11:54 302080 ----a-w- C:\gmer.exe
2011-05-18 07:58 . 2011-05-18 07:58 -------- d-----w- C:\_OTM
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\documents and settings\Martin\Application Data\IObit
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\program files\IObit
2011-05-15 15:27 . 2011-05-15 15:27 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-05-15 15:26 . 2011-05-15 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-05-14 06:49 . 2011-05-15 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-05-14 06:48 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-14 06:48 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-12 12:40 . 2011-05-12 17:17 -------- d-----w- c:\documents and settings\Martin\Application Data\RIFT
2011-05-06 07:31 . 2008-04-14 03:41 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2011-05-06 07:30 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- C:\rsit
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 14:04 . 2010-11-16 14:55 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-26 16:49 . 2011-04-08 19:46 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-26 16:49 . 2011-04-08 19:51 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-26 16:49 . 2011-04-08 19:45 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-26 15:55 . 2011-04-08 19:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-21 18:59 . 2011-04-08 19:46 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-18 12:42 . 2011-04-18 12:39 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:42 . 2011-04-18 12:39 139264 ----a-w- c:\windows\War3Unin.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\s16upd_id ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-17_16.33.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-23 14:23 . 2011-05-23 14:23 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-04-28 18:38 . 2011-04-28 18:38 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2011-05-25 14:22 . 2011-05-25 14:22 239776 c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe
+ 2011-05-23 12:07 . 2011-05-15 11:46 164592 c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1051.dat
+ 2011-03-03 14:50 . 2011-05-23 12:08 1234520 c:\windows\system32\Restore\rstrlog.dat
+ 2010-11-15 17:39 . 2011-05-25 14:22 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
.
S3 cpuz134;cpuz134;\??\c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
.
------- Supplementary Scan -------
.
uSearchAssistant =
TCP: DhcpNameServer = 195.12.128.1 195.72.0.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DAEMON Tools Lite - c:\programy\DAEMON Tools Lite\DTLite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 16:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-28 16:20:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-28 14:20
ComboFix2.txt 2011-05-28 08:44
ComboFix3.txt 2011-05-25 20:14
ComboFix4.txt 2011-05-25 14:35
ComboFix5.txt 2011-05-28 14:10
.
Pre-Run: 58 731 814 912 bytes free
Post-Run: 10 adresárov, 58 706 272 256 voľných bajtov
.
- - End Of File - - 7FE46B679B9F598CADD4F146EE94AF5F



skousel sem ta moznost mi nejde kliknut

[Y0G1]

a tu je kontrolny log

ComboFix 11-05-27.02 - Martin 28.05.2011 16:22:33.13.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.742 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-27 12:59 . 2011-05-27 20:23 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-27 12:59 . 2011-05-27 12:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-27 12:58 . 2011-05-27 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-25 14:22 . 2011-05-25 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-23 12:50 . 2004-05-17 06:00 33280 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2011-05-23 12:50 . 2004-05-17 05:49 198656 ----a-r- c:\windows\system32\fdco1.dll
2011-05-23 12:50 . 2004-05-10 00:53 32256 ----a-r- c:\windows\system32\nvconrm.dll
2011-05-23 12:50 . 2004-05-10 00:52 172032 ----a-w- c:\windows\system32\nvunrm.exe
2011-05-23 12:50 . 2004-05-17 06:00 12928 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2011-05-23 12:50 . 2004-05-17 06:00 56960 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2011-05-23 12:50 . 2004-05-17 06:00 191232 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2011-05-23 12:50 . 2004-05-17 05:48 8192 ----a-r- c:\windows\system32\bdco1.dll
2011-05-23 12:18 . 2011-05-23 12:18 -------- d-----w- c:\program files\AMD
2011-05-23 12:18 . 2005-03-09 12:53 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2011-05-23 12:08 . 2011-05-23 12:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-18 09:05 . 2011-05-04 11:54 302080 ----a-w- C:\gmer.exe
2011-05-18 07:58 . 2011-05-18 07:58 -------- d-----w- C:\_OTM
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\documents and settings\Martin\Application Data\IObit
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\program files\IObit
2011-05-15 15:27 . 2011-05-15 15:27 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-05-15 15:26 . 2011-05-15 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-05-14 06:49 . 2011-05-15 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-05-14 06:48 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-14 06:48 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-12 12:40 . 2011-05-12 17:17 -------- d-----w- c:\documents and settings\Martin\Application Data\RIFT
2011-05-06 07:31 . 2008-04-14 03:41 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2011-05-06 07:30 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- C:\rsit
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 14:04 . 2010-11-16 14:55 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-26 16:49 . 2011-04-08 19:46 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-26 16:49 . 2011-04-08 19:51 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-26 16:49 . 2011-04-08 19:45 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-26 15:55 . 2011-04-08 19:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-21 18:59 . 2011-04-08 19:46 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-18 12:42 . 2011-04-18 12:39 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:42 . 2011-04-18 12:39 139264 ----a-w- c:\windows\War3Unin.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-17_16.33.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-23 14:23 . 2011-05-23 14:23 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-04-28 18:38 . 2011-04-28 18:38 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2011-05-25 14:22 . 2011-05-25 14:22 239776 c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe
+ 2011-05-23 12:07 . 2011-05-15 11:46 164592 c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1051.dat
+ 2011-03-03 14:50 . 2011-05-23 12:08 1234520 c:\windows\system32\Restore\rstrlog.dat
+ 2010-11-15 17:39 . 2011-05-25 14:22 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
.
S3 cpuz134;cpuz134;\??\c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
.
------- Supplementary Scan -------
.
uSearchAssistant =
TCP: DhcpNameServer = 195.12.128.1 195.72.0.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 16:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-28 16:26:57
ComboFix-quarantined-files.txt 2011-05-28 14:26
ComboFix2.txt 2011-05-28 14:20
ComboFix3.txt 2011-05-28 08:44
ComboFix4.txt 2011-05-25 20:14
ComboFix5.txt 2011-05-28 14:21
.
Pre-Run: 58 717 040 640 bytes free
Post-Run: 10 adresárov, 58 700 042 240 voľných bajtov
.
- - End Of File - - 05EEB9F8B1CB1F4241ED487706E92CE3

[motji]

Už to vypadá dobře, ted udělejte ten USBfix a Fixdowndup. A pak se uvidí. Pak taky doinstalujte ten Avast a Zone alarm.

[Y0G1]

jasny rozumim takze sem mnel toho malware a rootkita v tom dotatoole a v gm?

[motji]

Po poradě s kolegou jsem oba programy smazala, mohl to být původce.
Jestli se bestie nevrátila poznáte tak, že Vám nepujdou načíst stránky antivirových firem nebo www.virustotal.com

[Y0G1]

ta stranka mi nacist jde

[motji]

Tak to sledujte .

[Y0G1]

Tak to sledujte .

to je ale smejd ...zase se vratil ja mu asi neco dluzim

[stell]

Zaskok

1:Ak chces mat cisty pocitac, musis presne robit to co kolegovia pisu.
Mas tam CONFICKER.
Takze ak ti pisu pouzi USBFIX, FIXDOWNADUP ,vloz sem log,,,atd,,ata, musis to spravit, a co je hlavne hned, a neodkladat to stale na druhy den.

2:Bezpodmienecne treba najprv nainstalovat FIREWALL.+AV