
Re: PC restarting

Posted: 28 May 2011 10:17
by cernohous13
Y0G1 wrote: as for that USB fix, I'm quite afraid to do it :roll:
and why is that?
we don't hand out instructions for destroying a system here :o

Re: PC restarting

Posted: 28 May 2011 10:43
by motji
Don't be afraid of the USB fix at all :roll: , it only reveals infections on flash drives.

:arrow: If you haven't done so already, uninstall uTorrent. Delete all cracks and keygens you have on the PC; those can also be a source of infection.

:arrow: Have we already run mbam and avptool? What antivirus and firewall do you have now? The very best thing would be if you could write from another PC and disconnect this one from the network during cleaning, so that we rule out the possibility that it keeps pulling itself back in before we find the source.

:arrow: Uninstall all virtual drives (Daemon or Alcohol)

:arrow: Download SPTD http://www.duplexsecure.com/en/downloads
- choose the version for your operating system: SPTD for Windows (32 bit) or (64 bit)
- save it to the desktop and run it
- choose the Uninstall option
- restart the PC


:arrow: Download http://www.jpshortstuff.247fixes.com/Defogger.exe
- run it,
- confirm disabled
- paste the log here
-------------------------------------


:arrow: If it isn't there already, move Combofix to the desktop
- open Notepad
- copy the text from this box into it

Code:


KillAll::

Rootkit::
c:\windows\system32\oqhre.dll

Driver::
rwouvybhk

Netsvc::
rwouvybhk

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"=-

Folder::
c:\documents and settings\Martin\Desktop\Dota keys
C:\Documents and Settings\Martin\Desktop\CM
C:\Documents and Settings\Martin\My Documents\DotaToolKit files

Dirlook::
C:\WINDOWS\s16upd_id

- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it:

Image


- after it has been applied, another log will pop out; paste it here

Note: it may happen that after the script is applied and the PC restarts, Windows will not boot; in that case restart again while pressing F8, then choose Last Known Good Configuration
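
Added example, not part of the original thread and not ComboFix's own code: one way to check a returned log against the CFScript above, entry by entry, so that anything the log does not confirm gets followed up. The log excerpt is constructed in the section layout ComboFix prints, and all function names are hypothetical.

```python
import re

# CFScript text copied from the post above.
CFSCRIPT = r"""
KillAll::
Rootkit::
c:\windows\system32\oqhre.dll
Driver::
rwouvybhk
Netsvc::
rwouvybhk
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6756:TCP"=-
Folder::
c:\documents and settings\Martin\Desktop\Dota keys
C:\Documents and Settings\Martin\Desktop\CM
C:\Documents and Settings\Martin\My Documents\DotaToolKit files
Dirlook::
C:\WINDOWS\s16upd_id
"""

# Constructed log excerpt (not a real log), using ComboFix's section headers.
SAMPLE_LOG = r"""
((((((((((((((((((( Other Deletions )))))))))))))))))))
.
c:\documents and settings\Martin\Desktop\CM
c:\documents and settings\Martin\Desktop\CM\GM.exe
c:\documents and settings\Martin\Desktop\Dota keys
c:\documents and settings\Martin\My Documents\DotaToolKit files
.
((((((((((((((((((( Drivers/Services )))))))))))))))))))
.
-------\Legacy_RWOUVYBHK
-------\Service_rwouvybhk
.
((((((((((((((((((( Look )))))))))))))))))))
.
---- Directory of c:\windows\s16upd_id ----
.
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "Folder::"
SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")    # e.g. "((( Look )))"


def parse_cfscript(text):
    """Return {directive: [entries]}; directive names are lower-cased."""
    script, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            script.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            script[current].append(line)
    return script


def parse_log_sections(text):
    """Return {section title: [lower-cased lines]}, skipping '.' filler lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.lower())
    return sections


def verify(script, sections):
    """Map each checkable entry to True if the log confirms it.

    False means "no confirmation in the log", not "still present".
    Netsvc:: and Registry:: are skipped: these sections do not show them.
    """
    deleted = sections.get("other deletions", [])
    services = sections.get("drivers/services", [])
    looked = sections.get("look", [])
    result = {}
    for folder in script.get("folder", []):
        result[("folder", folder)] = folder.lower() in deleted
    for path in script.get("rootkit", []):
        # Assumption: a handled file is named somewhere in the log.
        result[("rootkit", path)] = any(
            path.lower() in line for lines in sections.values() for line in lines)
    for name in script.get("driver", []):
        result[("driver", name)] = any(
            s.endswith("_" + name.lower()) for s in services)
    for path in script.get("dirlook", []):
        result[("dirlook", path)] = any(path.lower() in l for l in looked)
    return result


def unconfirmed(script_text, log_text):
    """List the (directive, entry) pairs the log does not confirm."""
    checks = verify(parse_cfscript(script_text), parse_log_sections(log_text))
    return [entry for entry, ok in checks.items() if not ok]


if __name__ == "__main__":
    for directive, entry in unconfirmed(CFSCRIPT, SAMPLE_LOG):
        print(f"not confirmed by log: {directive}:: {entry}")
```
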

Re: PC restarting

Posted: 28 May 2011 12:26
by Y0G1

we haven't done that mbam; Daemon Tools is uninstalled; I don't have any cracks, I have just 1 game on the PC; I don't have keygens either

the firewall is the standard Windows one; I don't use an antivirus, I don't know which one is good

those two things I'm supposed to download, what do they actually do? I'd like to know so I can learn something :)

I don't have uTorrent, it's probably a leftover of the application; I delete it right after I download something ...

Re: PC restarting

Posted: 28 May 2011 15:07
by motji
Do you mean the SPTD uninstall program and Defogger? They are for completely uninstalling the driver underneath Daemon. It is possible that it is infected and that it is the one bringing the beast back.

So download the installers for, say, Avast and ZoneAlarm, and, if you haven't run that fixdowndup yet, that one too. Then disconnect the PC from the internet, run Combofix again, then Fixdowndup, and then install Avast and ZoneAlarm. With ZoneAlarm, watch carefully what you let onto the net; if need be, I will help you with the settings afterwards.

And finally run that USBfix too :D . You have to do all of it so that we know where the beast is holding on.

Re: PC restarting

Posted: 28 May 2011 15:08
by Y0G1
here is that Defogger log

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:05 on 28/05/2011 (Martin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

as for that SPTD, the only option I have there is Install, so I chose that and restarted the PC; nothing else came up. Now I'm going to do the Combofix

Re: PC restarting

Posted: 28 May 2011 15:09
by motji
Then run it again and choose Uninstall

Re: PC restarting

Posted: 28 May 2011 15:21
by Y0G1
here is the log for that KillAll

ComboFix 11-05-27.02 - Martin 28.05.2011 16:11:40.12.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.759 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Martin\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RWOUVYBHK
-------\Service_rwouvybhk
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-27 12:59 . 2011-05-27 20:23 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-27 12:59 . 2011-05-27 12:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-27 12:58 . 2011-05-27 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-25 14:22 . 2011-05-25 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-23 12:50 . 2004-05-17 06:00 33280 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2011-05-23 12:50 . 2004-05-17 05:49 198656 ----a-r- c:\windows\system32\fdco1.dll
2011-05-23 12:50 . 2004-05-10 00:53 32256 ----a-r- c:\windows\system32\nvconrm.dll
2011-05-23 12:50 . 2004-05-10 00:52 172032 ----a-w- c:\windows\system32\nvunrm.exe
2011-05-23 12:50 . 2004-05-17 06:00 12928 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2011-05-23 12:50 . 2004-05-17 06:00 56960 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2011-05-23 12:50 . 2004-05-17 06:00 191232 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2011-05-23 12:50 . 2004-05-17 05:48 8192 ----a-r- c:\windows\system32\bdco1.dll
2011-05-23 12:18 . 2011-05-23 12:18 -------- d-----w- c:\program files\AMD
2011-05-23 12:18 . 2005-03-09 12:53 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2011-05-23 12:08 . 2011-05-23 12:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-18 09:05 . 2011-05-04 11:54 302080 ----a-w- C:\gmer.exe
2011-05-18 07:58 . 2011-05-18 07:58 -------- d-----w- C:\_OTM
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\documents and settings\Martin\Application Data\IObit
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\program files\IObit
2011-05-15 15:27 . 2011-05-15 15:27 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-05-15 15:26 . 2011-05-15 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-05-14 06:49 . 2011-05-15 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-05-14 06:48 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-14 06:48 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-12 12:40 . 2011-05-12 17:17 -------- d-----w- c:\documents and settings\Martin\Application Data\RIFT
2011-05-06 07:31 . 2008-04-14 03:41 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2011-05-06 07:30 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- C:\rsit
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 14:04 . 2010-11-16 14:55 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-26 16:49 . 2011-04-08 19:46 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-26 16:49 . 2011-04-08 19:51 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-26 16:49 . 2011-04-08 19:45 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-26 15:55 . 2011-04-08 19:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-21 18:59 . 2011-04-08 19:46 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-18 12:42 . 2011-04-18 12:39 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:42 . 2011-04-18 12:39 139264 ----a-w- c:\windows\War3Unin.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\s16upd_id ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-17_16.33.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-23 14:23 . 2011-05-23 14:23 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-04-28 18:38 . 2011-04-28 18:38 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2011-05-25 14:22 . 2011-05-25 14:22 239776 c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe
+ 2011-05-23 12:07 . 2011-05-15 11:46 164592 c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1051.dat
+ 2011-03-03 14:50 . 2011-05-23 12:08 1234520 c:\windows\system32\Restore\rstrlog.dat
+ 2010-11-15 17:39 . 2011-05-25 14:22 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
.
S3 cpuz134;cpuz134;\??\c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
.
------- Supplementary Scan -------
.
uSearchAssistant =
TCP: DhcpNameServer = 195.12.128.1 195.72.0.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DAEMON Tools Lite - c:\programy\DAEMON Tools Lite\DTLite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 16:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-05-28 16:20:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-28 14:20
ComboFix2.txt 2011-05-28 08:44
ComboFix3.txt 2011-05-25 20:14
ComboFix4.txt 2011-05-25 14:35
ComboFix5.txt 2011-05-28 14:10
.
Pre-Run: 58 731 814 912 bytes free
Post-Run: 10 adresárov, 58 706 272 256 voľných bajtov
.
- - End Of File - - 7FE46B679B9F598CADD4F146EE94AF5F



I tried it, I can't click that option

Re: PC restarting

Posted: 28 May 2011 15:27
by Y0G1
and here is the control log

ComboFix 11-05-27.02 - Martin 28.05.2011 16:22:33.13.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.742 [GMT 2:00]
Running from: c:\documents and settings\Martin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-28 )))))))))))))))))))))))))))))))
.
.
2011-05-27 12:59 . 2011-05-27 20:23 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-27 12:59 . 2011-05-27 12:59 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-27 12:58 . 2011-05-27 12:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-05-25 14:22 . 2011-05-25 14:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-23 12:50 . 2004-05-17 06:00 33280 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2011-05-23 12:50 . 2004-05-17 05:49 198656 ----a-r- c:\windows\system32\fdco1.dll
2011-05-23 12:50 . 2004-05-10 00:53 32256 ----a-r- c:\windows\system32\nvconrm.dll
2011-05-23 12:50 . 2004-05-10 00:52 172032 ----a-w- c:\windows\system32\nvunrm.exe
2011-05-23 12:50 . 2004-05-17 06:00 12928 ----a-r- c:\windows\system32\drivers\nvnetbus.sys
2011-05-23 12:50 . 2004-05-17 06:00 56960 ----a-r- c:\windows\system32\drivers\nvnrm.sys
2011-05-23 12:50 . 2004-05-17 06:00 191232 ----a-r- c:\windows\system32\drivers\nvsnpu.sys
2011-05-23 12:50 . 2004-05-17 05:48 8192 ----a-r- c:\windows\system32\bdco1.dll
2011-05-23 12:18 . 2011-05-23 12:18 -------- d-----w- c:\program files\AMD
2011-05-23 12:18 . 2005-03-09 12:53 36352 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2011-05-23 12:08 . 2011-05-23 12:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-18 09:05 . 2011-05-04 11:54 302080 ----a-w- C:\gmer.exe
2011-05-18 07:58 . 2011-05-18 07:58 -------- d-----w- C:\_OTM
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\documents and settings\Martin\Application Data\IObit
2011-05-15 15:28 . 2011-05-15 15:28 -------- d-----w- c:\program files\IObit
2011-05-15 15:27 . 2011-05-15 15:27 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-05-15 15:26 . 2011-05-15 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-05-14 06:49 . 2011-05-15 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-05-14 06:48 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-05-14 06:48 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-05-12 12:40 . 2011-05-12 17:17 -------- d-----w- c:\documents and settings\Martin\Application Data\RIFT
2011-05-06 07:31 . 2008-04-14 03:41 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2011-05-06 07:30 . 2008-04-13 22:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- C:\rsit
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 14:04 . 2010-11-16 14:55 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-26 16:49 . 2011-04-08 19:46 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-26 16:49 . 2011-04-08 19:51 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-26 16:49 . 2011-04-08 19:45 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-26 15:55 . 2011-04-08 19:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-04-21 18:59 . 2011-04-08 19:46 22328 ----a-w- c:\documents and settings\Martin\Application Data\PnkBstrK.sys
2011-04-18 12:42 . 2011-04-18 12:39 2829 ----a-w- c:\windows\War3Unin.pif
2011-04-18 12:42 . 2011-04-18 12:39 139264 ----a-w- c:\windows\War3Unin.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-17_16.33.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-23 14:23 . 2011-05-23 14:23 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
- 2011-04-28 18:38 . 2011-04-28 18:38 5120 c:\windows\Installer\{789289CA-F73A-4A16-A331-54D498CE069F}\Icon789289CA.exe
+ 2011-05-25 14:22 . 2011-05-25 14:22 239776 c:\windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe
+ 2011-05-23 12:07 . 2011-05-15 11:46 164592 c:\windows\PCHealth\HelpCtr\Config\Cache\Professional_32_1051.dat
+ 2011-03-03 14:50 . 2011-05-23 12:08 1234520 c:\windows\system32\Restore\rstrlog.dat
+ 2010-11-15 17:39 . 2011-05-25 14:22 6271136 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-15 19:02 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\programy\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 17:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 17:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 06:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-05-17 10:48 77824 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programy\\Skype\\Phone\\Skype.exe"=
.
S3 cpuz134;cpuz134;\??\c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Martin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\programy\Garena\safedrv.sys --> c:\programy\Garena\safedrv.sys [?]
S4 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
.
.
------- Supplementary Scan -------
.
uSearchAssistant =
TCP: DhcpNameServer = 195.12.128.1 195.72.0.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Martin\Application Data\Mozilla\Firefox\Profiles\ghya889f.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.azet.sk/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-28 16:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-05-28 16:26:57
ComboFix-quarantined-files.txt 2011-05-28 14:26
ComboFix2.txt 2011-05-28 14:20
ComboFix3.txt 2011-05-28 08:44
ComboFix4.txt 2011-05-25 20:14
ComboFix5.txt 2011-05-28 14:21
.
Pre-Run: 58 717 040 640 bytes free
Post-Run: 10 adresárov, 58 700 042 240 voľných bajtov
.
- - End Of File - - 05EEB9F8B1CB1F4241ED487706E92CE3

Re: PC restarting

Posted: 28 May 2011 15:39
by motji
It's looking good now; now run that USBfix and Fixdowndup. And then we'll see. Then also install Avast and Zone alarm.

Re: PC restarting

Posted: 28 May 2011 15:43
by Y0G1
sure, I understand, so I had that malware and rootkit in that dotatool and in gm?

Re: PC restarting

Posted: 28 May 2011 15:45
by motji
After consulting a colleague I deleted both programs; they could have been the source.
You will be able to tell whether the beast has come back by the fact that the websites of antivirus companies or www.virustotal.com will not load for you.

Re: PC restarting

Posted: 28 May 2011 18:02
by Y0G1
that page does load for me

Re: PC restarting

Posted: 28 May 2011 21:34
by motji
Then keep an eye on it :) .

Re: PC restarting

Posted: 29 May 2011 10:27
by Y0G1
motji wrote: Then keep an eye on it :) .

what a piece of junk ... it came back again, I guess I owe it something :D

Re: PC restarting

Posted: 29 May 2011 11:12
by stell
Standing in

1: If you want a clean computer, you must do exactly what the colleagues write.
You have CONFICKER on there.
So when they tell you to use USBFIX, FIXDOWNADUP, post a log here, etc., etc., you have to do it, and most importantly right away, and not keep putting it off until the next day.

2: It is absolutely necessary to install a FIREWALL + AV first.