PC disinfection, computer speed-up, remote assistance via the neslape.cz service

MBR rootkit for Naughty


MBR rootkit for Naughty

#1 Post by hubertsvk »

Greetings, gentlemen,
I have a notebook infected in memory with Mebroot. Your procedures fail for me down to the last step. I have the HDD encrypted with TrueCrypt; it is Win XP Pro.

Norman Simova/MBR cleaner reports right at the start: "unable to scan Simova|MBR hooks"
Antirootkit reports "eror loading/opening driver"

mbr prints:
"Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): Proces nemôže získať prístup k súboru, pretože
daný súbor práve používa iný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!"

EMebRemover from ESET prints:
"ESET Win32/Mebroot fixer v2.0.0.2 (Sep 23 2010 10:28:10)
Copyright (c) 1992-2010 ESET, spol. s r.o. All rights reserved.
system x86 Mj 5, Mn 1, Bd 2600, SP 3
Internal error: driver not started"

Can you advise me? Please.
I'm attaching the TDSSKiller log.

Oops... it found some virus but wanted a reboot; I did it and it's gone, but the other programs still don't work :(


Re: MBR rootkit for Naughty

#2 Post by hubertsvk »

I'm attaching the logs. I'll just note that I'm in safe mode; normal mode freezes and it is absolutely impossible to work in it.


2011/09/18 19:59:21.0312 0588 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/18 19:59:21.0437 0588 ================================================================================
2011/09/18 19:59:21.0437 0588 SystemInfo:
2011/09/18 19:59:21.0437 0588
2011/09/18 19:59:21.0437 0588 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/18 19:59:21.0437 0588 Product type: Workstation
2011/09/18 19:59:21.0437 0588 ComputerName: GAVLAK
2011/09/18 19:59:21.0437 0588 UserName: Administrator
2011/09/18 19:59:21.0437 0588 Windows directory: C:\WINDOWS
2011/09/18 19:59:21.0437 0588 System windows directory: C:\WINDOWS
2011/09/18 19:59:21.0437 0588 Processor architecture: Intel x86
2011/09/18 19:59:21.0437 0588 Number of processors: 2
2011/09/18 19:59:21.0437 0588 Page size: 0x1000
2011/09/18 19:59:21.0437 0588 Boot type: Safe boot with network
2011/09/18 19:59:21.0437 0588 ================================================================================
2011/09/18 19:59:27.0843 0588 Initialize success
2011/09/18 20:00:14.0671 1596 ================================================================================
2011/09/18 20:00:14.0671 1596 Scan started
2011/09/18 20:00:14.0671 1596 Mode: Manual;
2011/09/18 20:00:14.0671 1596 ================================================================================
2011/09/18 20:00:24.0625 1596 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
2011/09/18 20:00:24.0765 1596 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
2011/09/18 20:00:24.0843 1596 Boot (0x1200) (17b0cbfd8a01716f974efda64b4bd12b) \Device\Harddisk0\DR0\Partition0
2011/09/18 20:00:24.0859 1596 ================================================================================
2011/09/18 20:00:24.0859 1596 Scan finished
2011/09/18 20:00:24.0859 1596 ================================================================================
2011/09/18 20:00:24.0875 0612 Detected object count: 1
2011/09/18 20:00:24.0875 0612 Actual detected object count: 1
2011/09/18 20:00:37.0531 0612 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.c) - will be cured after reboot
2011/09/18 20:00:37.0531 0612 \Device\Harddisk0\DR0 - ok
2011/09/18 20:00:37.0531 0612 Trojan-Clicker.Win32.Wistler.c(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/18 20:01:56.0140 2016 Deinitialize success


DDS (Ver_2011-08-26.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_14
Run by Administrator at 20:18:46 on 2011-09-18
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2006.1698 [GMT 2:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.live.com
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: WebTransBHO Class: {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - c:\documents and settings\all users\application data\langsoft\WebIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: WebTranslator: {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - c:\documents and settings\all users\application data\langsoft\WebIE.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [TrueCrypt Format] "c:\program files\truecrypt\TrueCrypt Format.exe" /acsysenc
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\Amsg.exe /startup
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\all users\application data\langsoft\WebIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\all users\application data\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\all users\application data\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\all users\application data\langsoft\WebIE.dll
IE: {CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\all users\application data\langsoft\WebIE.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256713212968
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7E7F2356-69DE-406F-AE30-473CA2A0878E} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{CCDD43F1-D18E-4501-A0F1-2BB8241C9F6E} : DHCPNameServer = 192.168.0.1
Notify: ACNotify - ACNotify.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-18 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-18 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-18 656320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-3-4 20520]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-18 252712]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2006-4-30 69120]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-9-18 184536]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2008-5-10 1160440]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-9-18 337872]
S2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-5-10 102400]
S2 gupdate;Služba Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-7-3 45424]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-12-10 583640]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-10-28 94208]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-9-18 371472]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-9-18 1117144]
S2 SessionLauncher;SessionLauncher;c:\docume~1\admini~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\admini~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-13 12560]
S2 SZASSIST;SecretZone Assist Service;c:\program files\clarus\samsung secretzone\SZAssistSVC.exe [2011-5-5 90112]
S2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-5-20 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-15 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-2-2 100736]
S3 mdf16;mdf16;c:\program files\clarus\samsung secretzone\mdf16.sys [2011-5-5 18288]
S3 mvd22;mvd22;c:\program files\clarus\samsung secretzone\mvd22.sys [2011-5-5 70512]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\admini~1\locals~1\temp\df509dc7.nmc\nse\bin\ndiskio.sys --> c:\docume~1\admini~1\locals~1\temp\df509dc7.nmc\nse\bin\ndiskio.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-18 70664]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2008-2-23 37312]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\admini~1\locals~1\temp\df509dc7.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\admini~1\locals~1\temp\df509dc7.nmc\nse\bin\unhookmbrs.sys [?]
S4 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
.
=============== Created Last 30 ================
.
2011-09-18 17:20:51 -------- d-----w- c:\documents and settings\administrator\application data\TrueCrypt
2011-09-18 15:23:28 89088 ----a-w- C:\mbr.exe
2011-09-18 15:23:28 171920 ----a-w- C:\FixMebroot.exe
2011-09-18 15:23:28 1137360 ----a-w- C:\fsbl.exe
2011-09-18 15:23:18 16409960 ----a-w- C:\spybotsd162.exe
2011-09-18 15:23:17 328104 ----a-w- C:\EMebRemover.exe
2011-09-18 12:34:34 -------- d-----w- c:\documents and settings\administrator\application data\LangSoft
2011-09-18 12:33:35 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2011-09-18 12:02:34 -------- d-----w- c:\program files\CCleaner
2011-09-18 11:16:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-18 11:16:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 11:16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-18 09:48:15 767952 ----a-w- c:\windows\BDTSupport.dll
2011-09-18 09:48:15 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-09-18 09:48:14 2189264 ----a-w- c:\windows\PCTBDCore.dll
2011-09-18 09:48:14 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-09-18 09:46:18 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-09-18 09:46:18 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-09-18 09:46:17 252712 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-18 09:46:09 326688 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-18 09:46:09 162200 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-18 09:46:07 184536 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-09-18 09:46:02 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-18 09:45:36 -------- d-----w- c:\program files\PC Tools Security
2011-09-18 09:44:16 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-09-18 08:52:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-18 08:52:45 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-09-16 13:19:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-16 13:16:26 -------- d-----w- c:\windows\system32\NtmsData
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-02 06:30:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 20:20:14,59 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 28. 10. 2009 4:29:45
System Uptime: 18. 9. 2011 20:16:34 (0 hours ago)
.
Motherboard: LENOVO | | 77324SG
Processor: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz | None | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 87,85 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Access Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizácia Microsoft Office Word 2007 Help (KB963665)
Apple Application Support
Apple Software Update
Browser Defender 3.0
CCleaner
Client Security - Password Manager
Color LaserJet 2600n
DirectXInstallService
Drag-to-Disc
E-Poradca August 2008
ESET NOD32 Antivirus
ESET Online Scanner v3
Google Toolbar for Internet Explorer
Google Update Helper
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
iLook 300
InfraRecorder
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
InterVideo Register Manager
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 14
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Lenovo Fingerprint Software
Lenovo Registration
Maintenance Manager
Malwarebytes' Anti-Malware verzia 1.51.2.1300
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Slovak) 2007
Microsoft Office Excel MUI (Slovak) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (Slovak) 2007
Microsoft Office PowerPoint MUI (Slovak) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Czech) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Hungarian) 2007
Microsoft Office Proof (Slovak) 2007
Microsoft Office Proofing (Slovak) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Slovak) 2007
Microsoft Office Shared MUI (Slovak) 2007
Microsoft Office Word MUI (Slovak) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (Slovak) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mobile Broadband Connect
Mobile Connect
Mobile Partner
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NHL® 08
Norton Security Scan
On Screen Display
Presentation Director
Productivity Center Supplement for ThinkPad
QuickTime
Registry Mechanic 10.0
Remove Hidden Data Tool
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Business Edition
Roxio Express Labeler 3
Samsung SecretZone
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923689)
Segoe UI
Skype™ 5.3
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
SoundMAX
Spybot - Search & Destroy
Spyware Doctor
swMSM
System Update
TeamViewer 4
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Fingerprint Software
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Total Commander (Remove or Repair)
TrueCrypt
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Verizon Wireless BroadbandAccess Self Activation
Wallpapers
WebFldrs XP
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archivátor
XP Themes
.
==== End Of File ===========================
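An added triage helper, not part of the original post or of any tool named in it, that parses the two formats pasted in this thread (TDSSKiller's log in post #2 and mbr.exe's console output in post #1) and turns them into named findings. The samples are constructed from the lines above, with the Windows error text rendered in English; the regexes and verdict labels are this example's own.

```python
"""Triage helper for TDSSKiller's text log and GMER mbr.exe's console output."""
import re
from dataclasses import dataclass, field

# --- Constructed samples, copied in shape from the logs in the thread above. ---
# Hashes, device names and threat name are the ones TDSSKiller printed in post #2.
TDSSKILLER_SAMPLE = r"""
2011/09/18 20:00:14.0671 1596 Scan started
2011/09/18 20:00:24.0625 1596 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
2011/09/18 20:00:24.0765 1596 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
2011/09/18 20:00:24.0843 1596 Boot (0x1200) (17b0cbfd8a01716f974efda64b4bd12b) \Device\Harddisk0\DR0\Partition0
2011/09/18 20:00:24.0859 1596 Scan finished
2011/09/18 20:00:37.0531 0612 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.c) - will be cured after reboot
"""

# The Windows error text is rendered in English here; the original was printed in Slovak.
GMER_SAMPLE = r"""
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

TDSS_LINE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*)$")
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" / "Boot (0x1200) (<md5>) ...\Partition0"
SECTOR_HASH = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\S+)$")
DETECTED = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
PENDING_CURE = re.compile(r"^(\S+) \((\S+)\) - will be cured after reboot$")


@dataclass
class TdssReport:
    sector_hashes: dict = field(default_factory=dict)   # "MBR"/"Boot" -> (size, md5, device)
    detections: list = field(default_factory=list)      # (device, threat name)
    pending_reboot: list = field(default_factory=list)  # (device, threat name)


def parse_tdsskiller(text):
    """Collect sector hashes, detections and cures that still need a reboot."""
    report = TdssReport()
    for raw in text.splitlines():
        m = TDSS_LINE.match(raw.strip())
        if not m:
            continue  # banner and separator lines carry no message
        msg = m.group(3)
        if (h := SECTOR_HASH.match(msg)):
            report.sector_hashes[h.group(1)] = (h.group(2), h.group(3), h.group(4))
        elif (d := DETECTED.match(msg)):
            report.detections.append((d.group(1), d.group(2)))
        elif (p := PENDING_CURE.match(msg)):
            report.pending_reboot.append((p.group(1), p.group(2)))
    return report


def gmer_mbr_flags(text):
    """mbr.exe reads sector 0 twice, once through the Win32 API (user) and once
    from kernel mode; a rootkit hooking the disk stack hands the user-mode read a
    clean copy, which is what 'user != kernel MBR' is meant to catch."""
    lines = [l.strip() for l in text.splitlines()]
    return {
        "createfile_error": any(l.startswith("CreateFile(") for l in lines),
        "user_read_ok": "user: MBR read successfully" in lines,
        "kernel_read_ok": "kernel: MBR read successfully" in lines,
        "mismatch": any(l.startswith("user != kernel MBR") for l in lines),
    }


def assess_gmer(flags):
    """Verdict labels are this example's own. A mismatch is a strong indicator
    only when both reads succeeded; when the user-mode read failed (as in this
    thread, where the device was busy) the comparison has to be repeated once
    the device is free before anything is concluded."""
    if flags["mismatch"] and flags["user_read_ok"] and flags["kernel_read_ok"]:
        return "mbr-hooked"
    if flags["mismatch"]:
        return "inconclusive"
    if flags["user_read_ok"] and flags["kernel_read_ok"]:
        return "consistent"
    return "no-data"


def triage(tdss_text, gmer_text):
    """Human-readable findings for both logs."""
    out = []
    rep = parse_tdsskiller(tdss_text)
    for device, threat in rep.detections:
        out.append(f"TDSSKiller: {threat} on {device}")
    for device, threat in rep.pending_reboot:
        out.append(f"TDSSKiller: cure of {threat} on {device} pending reboot")
    if "MBR" in rep.sector_hashes:
        out.append(f"TDSSKiller: MBR md5 {rep.sector_hashes['MBR'][1]}")
    out.append(f"mbr.exe: {assess_gmer(gmer_mbr_flags(gmer_text))}")
    return out


if __name__ == "__main__":
    for line in triage(TDSSKILLER_SAMPLE, GMER_SAMPLE):
        print(line)
```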


Re: MBR rootkit for Naughty

#3 Post by hubertsvk »

ComboFix 11-09-18.01 - Administrator . 09. 2011 20:43:37.1.2 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2006.1559 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\DetectSchedulerSU.exe.8badc819.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL146.tmp.61ed49dc.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\StartSuService.exe.ace7fffa.ini
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-08-18 to 2011-09-18 )))))))))))))))))))))))))))))))
.
.
2011-09-18 18:33 . 2011-09-18 18:33 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-09-18 17:20 . 2011-09-18 18:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\TrueCrypt
2011-09-18 15:23 . 2011-09-18 11:42 1137360 ----a-w- C:\fsbl.exe
2011-09-18 15:23 . 2011-09-18 11:00 89088 ----a-w- C:\mbr.exe
2011-09-18 15:23 . 2011-09-18 08:34 171920 ----a-w- C:\FixMebroot.exe
2011-09-18 15:23 . 2010-08-18 14:20 16409960 ----a-w- C:\spybotsd162.exe
2011-09-18 15:23 . 2011-09-18 10:14 328104 ----a-w- C:\EMebRemover.exe
2011-09-18 12:34 . 2011-09-18 12:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\LangSoft
2011-09-18 12:33 . 2011-09-18 12:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-09-18 12:02 . 2011-09-18 12:02 -------- d-----w- c:\program files\CCleaner
2011-09-18 11:16 . 2011-09-18 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-09-18 11:16 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-18 11:16 . 2011-09-18 11:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-18 09:48 . 2011-09-01 09:39 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-09-18 09:48 . 2011-09-01 09:38 767952 ----a-w- c:\windows\BDTSupport.dll
2011-09-18 09:48 . 2011-09-01 09:39 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-09-18 09:48 . 2011-09-01 09:39 2189264 ----a-w- c:\windows\PCTBDCore.dll
2011-09-18 09:46 . 2010-07-16 12:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-09-18 09:46 . 2010-07-16 12:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-09-18 09:46 . 2011-07-19 07:18 252712 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-18 09:46 . 2011-08-23 09:45 326688 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-18 09:46 . 2011-03-02 09:39 162200 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-18 09:46 . 2011-08-18 07:31 184536 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-09-18 09:46 . 2011-07-19 07:23 70664 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-18 09:45 . 2011-09-18 12:41 -------- d-----w- c:\program files\PC Tools Security
2011-09-18 09:44 . 2011-09-18 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-09-18 08:52 . 2011-09-18 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-09-18 08:52 . 2011-09-18 08:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-09-16 13:19 . 2011-05-04 02:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-16 13:16 . 2011-09-16 13:17 -------- d-----w- c:\windows\system32\NtmsData
2011-09-16 10:58 . 2011-09-16 10:58 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-09-03 10:17 . 2011-09-09 09:12 599040 ------w- c:\windows\system32\dllcache\crypt32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-02 06:30 . 2011-05-19 05:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2006-04-30 06:55 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2006-04-30 06:55 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2006-04-30 06:55 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt Format"="c:\program files\TrueCrypt\TrueCrypt Format.exe" [2011-05-05 1591760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2009-07-14 128296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-06-08 60192]
"TpShocks"="TpShocks.exe" [2009-03-05 185632]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-06-15 311296]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-06-15 208896]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-07-05 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-07-05 143360]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-09 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-09 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-09 135680]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-04-29 424512]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ISTray"="c:\program files\PC Tools Security\pctsGui.exe" [2011-09-01 1600984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-8 607584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-05-10 14:24 180224 ------w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-21 23:54 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 14:47 2029640 ------w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2011-09-01 12:50 1600984 ----a-w- c:\program files\PC Tools Security\pctsGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac7302\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2011-09-01 09:38 247760 ----a-w- c:\program files\PC Tools Security\BDT\FGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18. 9. 2011 11:46 326688]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [18. 9. 2011 11:46 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [18. 9. 2011 11:46 656320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [4. 3. 2009 16:56 20520]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14. 5. 2009 16:49 94360]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [18. 9. 2011 11:46 252712]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14. 5. 2009 16:47 107256]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [18. 9. 2011 11:46 184536]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [9. 5. 2008 14:50 46144]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [10. 5. 2008 16:11 1160440]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [18. 9. 2011 11:48 337872]
S2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [10. 5. 2008 16:24 102400]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7. 2. 2010 16:24 135664]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [3. 7. 2009 19:47 45424]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10. 12. 2010 9:38 583640]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [28. 10. 2009 5:15 94208]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [18. 9. 2011 11:45 371472]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [13. 3. 2009 23:47 12560]
S2 SZASSIST;SecretZone Assist Service;c:\program files\Clarus\Samsung SecretZone\SZAssistSVC.exe [5. 5. 2011 17:06 90112]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7. 10. 2009 14:50 185640]
S2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [20. 5. 2008 4:00 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [15. 5. 2008 1:25 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [9. 5. 2008 14:50 360448]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7. 2. 2010 16:24 135664]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2. 2. 2010 15:21 100736]
S3 mdf16;mdf16;c:\program files\Clarus\Samsung SecretZone\mdf16.sys [5. 5. 2011 17:06 18288]
S3 mvd22;mvd22;c:\program files\Clarus\Samsung SecretZone\mvd22.sys [5. 5. 2011 17:06 70512]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\df509dc7.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\df509dc7.nmc\nse\bin\ndiskio.sys [?]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [18. 9. 2011 11:46 70664]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25. 4. 2008 17:15 1120752]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [23. 2. 2008 0:54 37312]
S3 UnhookMBRS;UnhookMBRS;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\df509dc7.nmc\nse\bin\unhookmbrs.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\df509dc7.nmc\nse\bin\unhookmbrs.sys [?]
S4 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 16:47 731840]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 14:24]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 14:24]
.
2011-09-18 c:\windows\Tasks\Norton Security Scan for Milan.job
- c:\progra~1\NORTON~2\Engine\301~1.8\Nss.exe [2011-01-12 19:15]
.
2011-09-18 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-10-28 16:40]
.
2011-08-18 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2010-12-10 07:46]
.
2011-09-18 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2010-12-10 07:46]
.
2011-09-18 c:\windows\Tasks\User_Feed_Synchronization-{51597DF8-A7DC-429B-BDA4-7DADFD919B4B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-18 21:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,92,8f,2f,5a,fa,83,4b,9c,dd,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,21,92,8f,2f,5a,fa,83,4b,9c,dd,a0,\
.
[HKEY_USERS\S-1-5-21-4069816732-2335145970-1021124527-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,67,41,33,24,5f,12,4e,93,4b,16,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,78,67,41,33,24,5f,12,4e,93,4b,16,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(1368)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Roxio\Virtual Drive 10\DC_ShellExt.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Completion time: 2011-09-18 21:17:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-18 19:17
.
Pre-Run: 94 218 821 632 bytes free
Post-Run: 94 180 343 808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - F5AAEA18284CC40DE000BDD6E2D6DD74
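Reading a ComboFix service list like the one above by eye is error-prone, so here is an added example (not from the original post and not ComboFix's own code) that parses ComboFix's `R|S<start> name;display;image [info]` service lines and flags the entries a reviewer would look at first: images loading from a user-writable profile or Temp directory, and entries ComboFix tagged `[?]` or `[x]` rather than with a date and size. The five sample lines are copied from the log above; the list of suspect directories and the reading of `[?]`/`[x]` as "image could not be opened" are this example's assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: five service lines copied from the ComboFix log above.
# Format (ComboFix's own): <R|S><start> <name>;<display>;<image> [<date size> | ? | x]
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18. 9. 2011 11:46 326688]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\df509dc7.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\df509dc7.nmc\nse\bin\ndiskio.sys [?]
S3 rkhdrv40;Rootkit Unhooker Driver; [x]
S4 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14. 5. 2009 16:47 731840]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<info>[^\]]*)\]\s*$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Assumption for this example: directories from which a boot-time driver or
# auto-start service should not be loading (all user-writable on XP).
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


@dataclass
class Service:
    name: str
    state: str        # "running" or "stopped"
    start: str        # boot/system/auto/demand/disabled
    image: str        # DOS path of the image, "" if the log had none
    verified: bool    # False when ComboFix wrote [?] or [x] instead of date/size


def parse_service(line):
    """Parse one ComboFix service line; return None for non-service lines."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image").strip()
    # "path --> path" is how ComboFix echoes an image it found in the registry
    # but could not open (assumption); keep the registry-side path.
    if " --> " in image:
        image = image.split(" --> ", 1)[0].strip()
    # drop the NT object-manager prefix so directory checks see the DOS path
    if image.startswith("\\??\\"):
        image = image[4:]
    info = m.group("info").strip()
    return Service(
        name=m.group("name"),
        state="running" if m.group("state") == "R" else "stopped",
        start=START_TYPES[int(m.group("start"))],
        image=image,
        verified=info not in ("?", "x"),
    )


def reasons_for(svc):
    """Return the list of review reasons for a service (empty = nothing odd)."""
    reasons = []
    low = svc.image.lower()
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("image loads from a user-writable profile/Temp directory")
    if not svc.verified:
        reasons.append("ComboFix could not open the image ([?]/[x])")
    # A boot- or system-start driver is loaded before any user-mode AV; only
    # worth mentioning when something else is already off about the entry.
    if reasons and svc.start in ("boot", "system"):
        reasons.append("loads at %s start, before user-mode scanners" % svc.start)
    return reasons


def triage(lines):
    """Return {service name: [reasons]} for every flagged service line."""
    flagged = {}
    for line in lines:
        svc = parse_service(line)
        if svc is None:
            continue
        r = reasons_for(svc)
        if r:
            flagged[svc.name] = r
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG.splitlines()).items():
        print(name)
        for w in why:
            print("   -", w)
```

Run against the sample it flags SessionLauncher, NDISKIO and rkhdrv40 and passes PCTCore and ekrn. A Temp path is a reason to check, not proof of infection: anti-rootkit scanners also unpack their drivers under Temp, so each flagged entry still has to be matched against what the user actually ran before it is removed.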

hubertsvk
Visitor
Posts: 5
Registered: 29 Mar 2006 11:19

Re: mbr rootkit pro Naughty

#4 Post by hubertsvk »

So now I can't even get in: after logging in it does nothing and doesn't respond, the desktop appears and then it freezes solid, and that's after I disabled all the programs that run at startup. I'll still try running Autoruns from sysinternals.com and disabling whatever I can.
