Trojan that attacked Windows - how do I destroy it?

User

Some dangerous trojan horses detected in your system. Microsoft Windows XP files corrupted.This Way lead to the destruction of important files in: c:/Windows. Download protection software now! Click OK to download the antispiware.Recommended.

So this is the message I got, and the machine freezes completely, mainly when it has to use explorer.exe, and keeps showing the English text above over and over. After I installed the software in question (ie-antivirus), it reports detections but does not remove them, only after the software is purchased. Besides that, the system often throws a message about insufficient virtual memory.
Common antivirus programs such as NOD32, Dr.Web and Avira, and the anti-spyware tools Search and Destroy, Ad-Aware and Spyware Doctor did not cure it. I tried ComboFix, without success. System Restore does not help. Could some kind soul advise me? I am rather afraid to reinstall Windows because I could lose part of my data, and I have not yet made a backup with Acronis True Image...

Thank you.

:cop:

I am attaching the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43, on 2008-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\windows\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\windows\System32\alg.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\ThreatFire\TFService.exe
E:\INSTALACKY\PicPick\picpick.exe
C:\windows\explorer.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\WinOverBoost\wob2.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: InlineSearchHandleHotKeys Class - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\windows\system32\drivers\dcfssvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 10367 bytes


Experienced user

Greetings,

post a log from Ultimate Process Manager. Unpack it and run the file _MAKE_LOG_CZ.bat, then tick processes, startup, services, drivers, modules. Do you recognize this?

C:\Program Files\The_Pirate_Bay


User

By the way, you have a lot of anti-spyware programs running at once (1 antivirus, + 1 anti-spyware and + 1 firewall)... uninstall them and keep one of each... maybe it is reporting this because they are fighting each other...

Then try this: http://avast.com/cze/avast-virus-cleaner.html


Experienced user

Avast Cleaner is a narrow-purpose utility and there is no point in trying it.


User
Posted by the topic author: 28.06.2008 19:58

Unfortunately, after that file is launched it shows a table to adjust by ticking boxes, but it keeps showing me the hourglass and the program does not respond... do you have another solution? Even after reinstalling UPM it did the same thing.
That Pirate Bay program is a script for Internet Explorer, an add-on for searching for files on torrents. Anyway, I deleted it; I do not use Internet Explorer anyway, but Opera.

Thanks for the help


Experienced user

Use this version. :)


User

The best thing is to format the HDD and install Windows


Experienced user

SilverSurfer: Keep advice like this to yourself, please, and earn your post count somewhere else. Thanks


User
Posted by the topic author: 28.06.2008 20:30

Windows XP SP 2 (build 2600)
Internet Explorer v7.00.6000.16674 (vista_gdr.080415-1732)
Log vygenerován:2008-06-28 20:26:21
================================================================

Test UPM
Testuji funkce...
NtSetInformationFile Hooked!
Opravuji funkce... OK

Běžící procesy
================================================================
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETLIMITER 2 PRO\NLSVC.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\ESET\NOD32KRN.EXE
C:\WINDOWS\SYSTEM32\IOCTLSVC.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSAUXS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\PROGRAM FILES\ESET\NOD32KUI.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES\THREATFIRE\TFTRAY.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE
C:\PROGRAM FILES\NETLIMITER 2 PRO\NLCLIENT.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\PROGRAM FILES\THREATFIRE\TFSERVICE.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4GUI.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4GUI.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\PROGRAM FILES\OPERA\OPERA.EXE
E:\INSTALACKY1\BEZPEČNOSŤ\ANTIVÍRY\AVAST\ASWCLNR.EXE
E:\INSTALACKY1\BEZPEČNOSŤ\ANTIVÍRY\AVAST\ASWCLNR.TMP
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\WINDOWS\SYSTEM32\CMD.EXE
E:\INSTALACKY\UPM\UPM.EXE

Po spuštění
================================================================

HKCU Run
|_ [S][ctfmon.exe] C:\windows\system32\ctfmon.exe

HKLM Run
|_ [?][CHotkey] C:\windows\mHotkey.exe
|_ [?][nod32kui] C:\Program Files\Eset\nod32kui.exe
|_ [?][SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
|_ [?][ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
|_ [?][ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe

HKLM ShellServiceObjectDelayLoad
|_ [S][PostBootReminder] C:\windows\system32\SHELL32.dll
|_ [S][CDBurn] C:\windows\system32\SHELL32.dll
|_ [S][WebCheck] C:\windows\system32\webcheck.dll
|_ [S][SysTray] C:\windows\system32\stobject.dll
|_ [S][WPDShServiceObj] C:\windows\system32\WPDShServiceObj.dll

HKLM Winlogon
|_ [S][Shell] C:\windows\Explorer.exe

HKLM Winlogon Notify
|_ [?][!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
|_ [?][AtiExtEvent] C:\windows\system32\Ati2evxx.dll
|_ [S][crypt32chain] C:\windows\system32\crypt32.dll
|_ [S][cryptnet] C:\windows\system32\cryptnet.dll
|_ [S][cscdll] C:\windows\system32\cscdll.dll
|_ [S][ScCertProp] C:\windows\system32\wlnotify.dll
|_ [S][Schedule] C:\windows\system32\wlnotify.dll
|_ [S][sclgntfy] C:\windows\system32\sclgntfy.dll
|_ [S][SensLogn] C:\windows\system32\WlNotify.dll
|_ [S][termsrv] C:\windows\system32\wlnotify.dll
|_ [S][wlballoon] C:\windows\system32\wlnotify.dll

Po spuštění
|_ LDE.dll
|_ MSCOMCTL.OCX
|_ nastaveni.usr
|_ prjXTab.ocx
|_ proc.db
|_ upm.dll
|_ upm.exe
|_ upm.exe.manifest
|_ upm_410_pre1.rar
|_ upm_4_0_0.zip
|_ upm_logfile.txt
|_ _MAKE_LOG_CZ.bat
|_ _MAKE_LOG_EN.bat
|_ _MAKE_LOG_SK.bat
|_ _reg.bat
|_ [!][LDE.dll] LDE.dll
|_ [S][MSCOMCTL.OCX] MSCOMCTL.OCX
|_ [!][nastaveni.usr] nastaveni.usr
|_ [?][prjXTab.ocx] prjXTab.ocx
|_ [!][proc.db] proc.db
|_ [?][upm.dll] upm.dll
|_ [R][upm.exe] upm.exe
|_ [!][upm.exe.manifest] upm.exe.manifest
|_ [!][upm_410_pre1.rar] upm_410_pre1.rar
|_ [!][upm_4_0_0.zip] upm_4_0_0.zip
|_ [!][upm_logfile.txt] upm_logfile.txt
|_ [!][_MAKE_LOG_CZ.bat] _MAKE_LOG_CZ.bat
|_ [!][_MAKE_LOG_EN.bat] _MAKE_LOG_EN.bat
|_ [!][_MAKE_LOG_SK.bat] _MAKE_LOG_SK.bat
|_ [!][_reg.bat] _reg.bat


HKLM BHO
|_ [?][{00011268-E188-40DF-A514-835FCD78B1BF}] C:\Program Files\IEPro\iepro.dll
|_ [?][{02478D38-C3F9-4EFB-9B51-7695ECA05670}] C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
|_ [?][{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] C:\Program Files\Winamp Toolbar\winamptb.dll
|_ [!][{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}] C:\TRANSLAT\WEBIE.DLL
|_ [?][{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
|_ [S][{9030D464-4C02-4ABF-8ECC-5164760863C6}] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
|_ [!][{B6FFE2AE-4D12-451F-B457-FE6125FFB1CF}] C:\Program Files\IEForge\Inline Search\InlineSearch.dll
|_ [S][{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] C:\Program Files\Windows Live Toolbar\msntb.dll
|_ [!][{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] C:\Program Files\Free Download Manager\iefdm2.dll

HKCU IE WebBrowser Toolbar
|_ [X][{855F3B16-6D32-4FE6-8A56-BBB695989046}] (Soubor nenalezen)
|_ [X][{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}] (Soubor nenalezen)
|_ [S][{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] C:\Program Files\Windows Live Toolbar\msntb.dll
|_ [S][{F2CF5485-4E02-4F68-819C-B92DE9277049}] C:\windows\system32\ieframe.dll
|_ [?][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
|_ [X][{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}] (Soubor nenalezen)
|_ [X][{2318C2B1-4965-11D4-9B18-009027A5CD4F}] (Soubor nenalezen)

HKLM IE Toolbar
|_ [!][{BFC32E1D-EE75-4A48-BC60-104E11EE2431}] C:\TRANSLAT\WEBIE.DLL
|_ [S][{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] C:\Program Files\Windows Live Toolbar\msntb.dll
|_ [?][{EF99BD32-C1FB-11D2-892F-0090271D4F88}] C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
|_ [?][{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}] C:\Program Files\Winamp Toolbar\winamptb.dll
|_ [?][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i služby Microsoftu: False)
================================================================
[?] Ad-Aware 2007 Service
|_ Cesta: C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
| |_ Výrobce: Lavasoft
| |_ Popis: Ad-Aware 2007 Service
| |_ MD5: 07AE10139D7713D69F57209FDF0425CC
|
|_ Jméno: aawservice
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: RpcSS

[?] Acronis Scheduler2 Service
|_ Cesta: C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
| |_ Výrobce: Acronis
| |_ Popis: Acronis Scheduler 2
| |_ MD5: F0D9441BB80C1FD44FE79495A7353C0C
|
|_ Jméno: AcrSch2Svc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: RpcSs

[?] Ati HotKey Poller
|_ Cesta: C:\windows\system32\Ati2evxx.exe
| |_ Výrobce: ATI Technologies Inc.
| |_ Popis: ATI External Event Utility EXE Module
| |_ MD5: E4F45E3B56003B41E7C7863F79F4C108
|
|_ Jméno: Ati HotKey Poller
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] Dcfssvc
|_ Cesta: C:\windows\system32\drivers\dcfssvc.exe
| |_ Výrobce: Eastman Kodak Company
| |_ Popis: Kodak DC Ring 3 Conduit (Win32)
| |_ MD5: DD9CC789CC96358AE2033C0874EF7B36
|
|_ Jméno: Dcfssvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] NetLimiter
|_ Cesta: C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
| |_ Výrobce: Locktime Software
| |_ Popis: NetLimiter 2 service
| |_ MD5: C8F536FB328AFE64A7F18BBFC00B10EE
|
|_ Jméno: nlsvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] NOD32 Kernel Service
|_ Cesta: C:\Program Files\Eset\nod32krn.exe
| |_ Výrobce: Eset
| |_ Popis: NOD32 Kernel Service
| |_ MD5: 9B18F31C059C5F061D6C628E0A771EC1
|
|_ Jméno: NOD32krn
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] PLFlash DeviceIoControl Service
|_ Cesta: C:\WINDOWS\system32\IoctlSvc.exe
| |_ Výrobce: Prolific Technology Inc.
| |_ Popis: PLFlash DeviceIoControl Service
| |_ MD5: 875E4E0661F3A5994DF9E5E3A0A4F96B
|
|_ Jméno: PLFlash DeviceIoControl Service
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] PC Tools Auxiliary Service
|_ Cesta: C:\Program Files\Spyware Doctor\pctsAuxs.exe
| |_ Výrobce: PC Tools
| |_ Popis: PC Tools Auxiliary Service
| |_ MD5: 7A95E655EF27C9A4321B520471866783
|
|_ Jméno: sdauxservice
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] PC Tools Security Service
|_ Cesta: C:\Program Files\Spyware Doctor\pctsSvc.exe
| |_ Výrobce: PC Tools
| |_ Popis: PC Tools Security Service
| |_ MD5: 4A5FEB6E495E54EFBE9FE1E7B7E1F657
|
|_ Jméno: sdCoreService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Sunbelt Personal Firewall 4
|_ Cesta: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
| |_ Výrobce: Sunbelt Software
| |_ Popis: Sunbelt Firewall Service
| |_ MD5: 7234E4B852F8FA0C48FF0E4FD7394490
|
|_ Jméno: SPF4
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] Spyware Terminator Realtime Shield Service
|_ Cesta: C:\Program Files\Spyware Terminator\sp_rsser.exe
| |_ Výrobce: Crawler.com
| |_ Popis: Spyware Terminator Realtime Shield Service
| |_ MD5: 20CC04B6DC942027B294415CC7689204
|
|_ Jméno: sp_rssrv
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] ThreatFire
|_ Cesta: C:\Program Files\ThreatFire\TFService.exe
| |_ Výrobce: PC Tools
| |_ Popis: PC Tools ThreatFire Service
| |_ MD5: 9191A964D4E08346D62FD5A8279F62FD
|
|_ Jméno: ThreatFire
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: RPCSS


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i ovladače Microsoftu: False)
================================================================
[?] ALCXWDM
|_ Cesta: C:\windows\system32\drivers\ALCXWDM.SYS
| |_ Výrobce: Realtek Semiconductor Corp.
| |_ Popis: Realtek AC'97 Audio Driver (WDM)
| |_ MD5: 8A8909FDD548D84A3E02E04F699EE705
|
|_ Popis: Service for Realtek AC97 Audio (WDM)
|_ Status: OK
|_ Spuštěno: Ano

[?] AMON
|_ Cesta: C:\windows\system32\drivers\amon.sys
| |_ Výrobce: Eset
| |_ Popis: Amon monitor
| |_ MD5: D2C4B2BD75EB35E1E0DA7AD3B65D24D2
|
|_ Popis: AMON
|_ Status: OK
|_ Spuštěno: Ano

[?] Aspi32
|_ Cesta: C:\windows\system32\drivers\aspi32.sys
| |_ Výrobce: Adaptec
| |_ Popis: ASPI for WIN32 Kernel Driver
| |_ MD5: EB62FA6D7DA4E774E47D376E4D19CA5F
|
|_ Popis: Aspi32
|_ Status: OK
|_ Spuštěno: Ano

[?] ati2mtag
|_ Cesta: C:\windows\system32\DRIVERS\ati2mtag.sys
| |_ Výrobce: ATI Technologies Inc.
| |_ Popis: ATI Radeon WindowsNT Miniport Driver
| |_ MD5: ED24215D4223C60989F02E196A1FFF73
|
|_ Popis: ati2mtag
|_ Status: OK
|_ Spuštěno: Ano

[!] BANTExt
|_ Cesta: C:\windows\system32\Drivers\BANTExt.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 5D7BE7B19E827125E016325334E58FF1
|
|_ Popis: Belarc SMBios Access
|_ Status: OK
|_ Spuštěno: Ano

[?] DcCam
|_ Cesta: C:\windows\system32\DRIVERS\DcCam.sys
| |_ Výrobce: Eastman Kodak Company
| |_ Popis: Kodak Digital Camera Driver
| |_ MD5: 844A9B14E2799A2ADEC1F392E7407D72
|
|_ Popis: Kodak Camera Proxy
|_ Status: OK
|_ Spuštěno: Ano

[?] DCFS2K
|_ Cesta: C:\windows\system32\drivers\dcfs2k.sys
| |_ Výrobce: Eastman Kodak Company
| |_ Popis: Kodak DC File System Driver (NT)
| |_ MD5: 7CEF1CD1DC5C24208F196C36EB48A411
|
|_ Popis: DCFS2K
|_ Status: OK
|_ Spuštěno: Ano

[?] drvmcdb
|_ Cesta: C:\windows\system32\DRIVERS\drvmcdb.sys
| |_ Výrobce: Sonic Solutions
| |_ Popis: Device Driver
| |_ MD5: 05110F7CEC95A9F3EB7D9FFE55E88E72
|
|_ Popis: drvmcdb
|_ Status: OK
|_ Spuštěno: Ano

[?] fwdrv
|_ Cesta: C:\windows\system32\drivers\fwdrv.sys
| |_ Výrobce: Sunbelt Software
| |_ Popis: Sunbelt Personal Firewall FWDRV
| |_ MD5: 3A3929B7A0EEEF83DF3A6C81E43A1FA9
|
|_ Popis: Firewall Driver
|_ Status: OK
|_ Spuštěno: Ano

[!] GDTdiInterceptor
|_ Cesta: C:\WINDOWS\system32\drivers\GDTdiIcpt.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5: FA5A14606960CE9C12DD13A1A76E1B58
|
|_ Popis: GDTdiInterceptor
|_ Status: OK
|_ Spuštěno: Ano

[!] giveio
|_ Cesta: C:\windows\system32\giveio.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 77EBF3E9386DAA51551AF429052D88D0
|
|_ Popis: giveio
|_ Status: OK
|_ Spuštěno: Ano

[?] IKFileSec
|_ Cesta: C:\windows\system32\drivers\ikfilesec.sys
| |_ Výrobce: PCTools Research Pty Ltd.
| |_ Popis: File Security Device Driver
| |_ MD5: 3D8A88BD1E6A640807691198A8342E8C
|
|_ Popis: File Security Driver
|_ Status: OK
|_ Spuštěno: Ano

[?] IKSysFlt
|_ Cesta: C:\windows\system32\drivers\iksysflt.sys
| |_ Výrobce: PCTools Research Pty Ltd.
| |_ Popis: System Filter Device Driver
| |_ MD5: 7583E2211097D273FCA4E3FCE04F639F
|
|_ Popis: System Filter Driver
|_ Status: OK
|_ Spuštěno: Ano

[?] IKSysSec
|_ Cesta: C:\windows\system32\drivers\iksyssec.sys
| |_ Výrobce: PCTools Research Pty Ltd.
| |_ Popis: System Security Device Driver
| |_ MD5: 2402F65F1ECA5159C8F0F16066F4BDED
|
|_ Popis: System Security Driver
|_ Status: OK
|_ Spuštěno: Ano

[?] khips
|_ Cesta: C:\windows\system32\drivers\khips.sys
| |_ Výrobce: Sunbelt Software
| |_ Popis: Sunbelt Personal Firewall Host Intrusion Prevention Driver
| |_ MD5: D44C0F4FC254344BAD74581632339963
|
|_ Popis: Kerio HIPS Driver
|_ Status: OK
|_ Spuštěno: Ano

[?] nltdi
|_ Cesta: C:\windows\system32\drivers\nltdi.sys
| |_ Výrobce: Locktime Software
| |_ Popis: NetLimiter Driver
| |_ MD5: 3EE27BCFF781F07A12DF75E8BE852B0E
|
|_ Popis: nltdi
|_ Status: OK
|_ Spuštěno: Ano

[?] Ptilink
|_ Cesta: C:\windows\system32\DRIVERS\ptilink.sys
| |_ Výrobce: Parallel Technologies, Inc.
| |_ Popis: Parallel Technologies DirectParallel IO Library
| |_ MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
|
|_ Popis: Direct Parallel Link Driver
|_ Status: OK
|_ Spuštěno: Ano

[?] PxHelp20
|_ Cesta: C:\windows\system32\Drivers\PxHelp20.sys
| |_ Výrobce: Sonic Solutions
| |_ Popis: Px Engine Device Driver for Windows 2000/XP
| |_ MD5: D86B4A68565E444D76457F14172C875A
|
|_ Popis: PxHelp20
|_ Status: OK
|_ Spuštěno: Ano

[?] RTL8023xp
|_ Cesta: C:\windows\system32\DRIVERS\Rtlnicxp.sys
| |_ Výrobce: Realtek Semiconductor Corporation
| |_ Popis: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: E9877AA069DC11B03DBD1D33B8B2A3CA
|
|_ Popis: Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver
|_ Status: OK
|_ Spuštěno: Ano

[?] SASDIFSV
|_ Cesta: C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
| |_ Výrobce: SUPERAdBlocker.com and SUPERAntiSpyware.com
| |_ Popis: SASDIFSV.SYS
| |_ MD5: C030C9A39E85B6F04A8DD25D1A50258A
|
|_ Popis: SASDIFSV
|_ Status: OK
|_ Spuštěno: Ano

[?] SASKUTIL
|_ Cesta: C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
| |_ Výrobce: SUPERAdBlocker.com and SUPERAntiSpyware.com
| |_ Popis: SASKUTIL.SYS
| |_ MD5: 64C100DBF57C6CB6E7D5D24153F5E444
|
|_ Popis: SASKUTIL
|_ Status: OK
|_ Spuštěno: Ano

[!] Secdrv
|_ Cesta: C:\windows\system32\DRIVERS\secdrv.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5: D26E26EA516450AF9D072635C60387F4
|
|_ Popis: Secdrv
|_ Status: OK
|_ Spuštěno: Ano

[?] snapman
|_ Cesta: C:\windows\system32\DRIVERS\snapman.sys
| |_ Výrobce: Acronis
| |_ Popis: Acronis Snapshot API
| |_ MD5: 5052DBAFC8F4E4507E6AD0D467DD3529
|
|_ Popis: Acronis Snapshots Manager
|_ Status: OK
|_ Spuštěno: Ano

[?] speedfan
|_ Cesta: C:\windows\system32\speedfan.sys
| |_ Výrobce: Windows (R) 2000 DDK provider
| |_ Popis: SpeedFan Device Driver
| |_ MD5: 5D6401DB90EC81B71F8E2C5C8F0FEF23
|
|_ Popis: speedfan
|_ Status: OK
|_ Spuštěno: Ano

[!] sp_rsdrv2
|_ Cesta: C:\windows\system32\drivers\sp_rsdrv2.sys
| |_ Výrobce: ?
| |_ Popis: ?
| |_ MD5: CCD6E6C387E3EFA3BA5FE0E7883821C1
|
|_ Popis: Spyware Terminator Driver 2
|_ Status: OK
|_ Spuštěno: Ano

[?] SRTSPX
|_ Cesta: C:\windows\system32\Drivers\SRTSPX.SYS
| |_ Výrobce: Symantec Corporation
| |_ Popis: Symantec AutoProtect
| |_ MD5: 8F46DBCD1B61D096F011BDD126B82817
|
|_ Popis: SRTSPX
|_ Status: OK
|_ Spuštěno: Ano

[?] symlcbrd
|_ Cesta: C:\windows\system32\drivers\symlcbrd.sys
| |_ Výrobce: Symantec Corporation
| |_ Popis: Symantec Core Component
| |_ MD5: 6E65FE9EB2406D17FE560711060B08DC
|
|_ Popis: symlcbrd
|_ Status: OK
|_ Spuštěno: Ano

[?] TfFsMon
|_ Cesta: C:\windows\system32\drivers\TfFsMon.sys
| |_ Výrobce: PC Tools
| |_ Popis: ThreatFire Filesystem Monitor
| |_ MD5: 1BDF0DEBD21B9A058CAEB4B7FDA0DF47
|
|_ Popis: TfFsMon
|_ Status: OK
|_ Spuštěno: Ano

[?] TfNetMon
|_ Cesta: C:\windows\system32\drivers\TfNetMon.sys
| |_ Výrobce: PC Tools
| |_ Popis: ThreatFire Network Monitor
| |_ MD5: F9A06F3EB668177C0A7F4E70713A22D2
|
|_ Popis: TfNetMon
|_ Status: OK
|_ Spuštěno: Ano

[?] TfSysMon
|_ Cesta: C:\windows\system32\drivers\TfSysMon.sys
| |_ Výrobce: PC Tools
| |_ Popis: ThreatFire System Monitor
| |_ MD5: C234C1FBB9301B945827AC6472887989
|
|_ Popis: TfSysMon
|_ Status: OK
|_ Spuštěno: Ano

[?] tifsfilter
|_ Cesta: C:\windows\system32\DRIVERS\tifsfilt.sys
| |_ Výrobce: Acronis
| |_ Popis: TrueImage File System Filter
| |_ MD5: B0FE76203C05E85C719DA23FC3FFF4EB
|
|_ Popis: Acronis TrueImage FS Filter
|_ Status: OK
|_ Spuštěno: Ano

[?] timounter
|_ Cesta: C:\windows\system32\DRIVERS\timntr.sys
| |_ Výrobce: Acronis
| |_ Popis: TrueImage Backup Archive Explorer
| |_ MD5: A549151C0B957E152641F22B3924A083
|
|_ Popis: Acronis TrueImage Backup Archive Explorer
|_ Status: OK
|_ Spuštěno: Ano


Moduly (Zobraz i DLL Microsoftu: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[!] pr_imon.dll
|_ Cesta: C:\Program Files\ESET\pr_imon.dll
|_ MD5: BF47F2EF0C53DEE8D0CF9CF0B5F8D531
|_ Výrobce:
|_ Procesy
|_ svchost.exe (1116)
|_ svchost.exe (1192)
|_ svchost.exe (1264)
|_ nlsvc.exe (320)
|_ nod32krn.exe (392)
|_ pctsSvc.exe (1000)
|_ nod32kui.exe (1308)
|_ TFTray.exe (1388)
|_ NLClient.exe (1932)
|_ kpf4ss.exe (2108)
|_ TFService.exe (2352)
|_ kpf4gui.exe (3736)
|_ kpf4gui.exe (2576)
|_ opera.exe (1500)

[!] unlockercom.dll
|_ Cesta: C:\Program Files\Unlocker\UnlockerCOM.dll
|_ MD5: 2E7C4FF26635204F17101D91CC2F045A
|_ Výrobce:
|_ Procesy
|_ explorer.exe (2020)

[!] rarext.dll
|_ Cesta: C:\Program Files\WinRAR\RarExt.dll
|_ MD5: 023707D932BA31314210E6844D33D500
|_ Výrobce:
|_ Procesy
|_ explorer.exe (2020)

[!] hkntdll.dll
|_ Cesta: C:\WINDOWS\HKNTDLL.dll
|_ MD5: 9D711D318BE62AC3245AFD4A7D555FBF
|_ Výrobce:
|_ Procesy
|_ explorer.exe (2020)
|_ mHotkey.exe (1352)
|_ opera.exe (1500)

[!] pr_upd.dll
|_ Cesta: C:\Program Files\ESET\pr_upd.dll
|_ MD5: 9AB3344F2E5A638B3CF1923588D6F7B5
|_ Výrobce:
|_ Procesy
|_ nod32krn.exe (392)
|_ nod32kui.exe (1308)

[!] pr_mirr.dll
|_ Cesta: C:\Program Files\ESET\pr_mirr.dll
|_ MD5: FC33C4CED8AE28320A687095DE924EB4
|_ Výrobce:
|_ Procesy
|_ nod32krn.exe (392)
|_ nod32kui.exe (1308)

[!] pr_dmon.dll
|_ Cesta: C:\Program Files\ESET\pr_dmon.dll
|_ MD5: FFF8E5F9233E14AF37B9BA361F6D1655
|_ Výrobce:
|_ Procesy
|_ nod32krn.exe (392)
|_ nod32kui.exe (1308)

[!] pr_emon.dll
|_ Cesta: C:\Program Files\ESET\pr_emon.dll
|_ MD5: 191801124222BC8DB7A716D246A14B6B
|_ Výrobce:
|_ Procesy
|_ nod32krn.exe (392)
|_ nod32kui.exe (1308)

[!] nod32rui.dll
|_ Cesta: C:\Program Files\ESET\nod32rui.dll
|_ MD5: B69DB9188DE6D269D37B45857A43EFC3
|_ Výrobce:
|_ Procesy
|_ nod32kui.exe (1308)

[!] pocoxml.dll
|_ Cesta: C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll
|_ MD5: 668AAB2221F2C588A2200543CCF14FEA
|_ Výrobce:
|_ Procesy
|_ kpf4ss.exe (2108)
|_ kpf4gui.exe (3736)
|_ kpf4gui.exe (2576)

[!] pocoext.dll
|_ Cesta: C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll
|_ MD5: 50764019F146982007AC5DEF44971708
|_ Výrobce:
|_ Procesy
|_ kpf4ss.exe (2108)
|_ kpf4gui.exe (3736)
|_ kpf4gui.exe (2576)

[!] ssleay32.dll
|_ Cesta: C:\Program Files\Sunbelt Software\Personal Firewall\ssleay32.dll
|_ MD5: E4DF774312A6C2215D36F42E2CE8D4D8
|_ Výrobce:
|_ Procesy
|_ kpf4ss.exe (2108)
|_ kpf4gui.exe (3736)
|_ kpf4gui.exe (2576)

[!] libeay32.dll
|_ Cesta: C:\Program Files\Sunbelt Software\Personal Firewall\libeay32.dll
|_ MD5: 96373C802D27D4F942B3D8E24F1CBDCE
|_ Výrobce:
|_ Procesy
|_ kpf4ss.exe (2108)
|_ kpf4gui.exe (3736)
|_ kpf4gui.exe (2576)

[!] pocofoundation.dll
|_ Cesta: C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll
|_ MD5: 8342EA2FB9B9DED9634D5E684A81AF0A
|_ Výrobce:
|_ Procesy
|_ kpf4ss.exe (2108)
|_ kpf4gui.exe (3736)
|_ kpf4gui.exe (2576)

[!] vxm.dll
|_ Cesta: C:\Program Files\Opera\vxm.dll
|_ MD5: 711C9F0EF379594626DCAAA2BC07C0C2
|_ Výrobce:
|_ Procesy
|_ opera.exe (1500)

[!] xmlparse.dll
|_ Cesta: C:\Program Files\Opera\xmlparse.dll
|_ MD5: B826D2F8E3D7C3B98FA64A87662FF437
|_ Výrobce:
|_ Procesy
|_ opera.exe (1500)

[!] vxmservices.dll
|_ Cesta: C:\Program Files\Opera\vxmservices.dll
|_ MD5: 5A0DC5006AF27EC2C4225AED66F728C3
|_ Výrobce:
|_ Procesy
|_ opera.exe (1500)

[!] lde.dll
|_ Cesta: E:\INSTALACKY\Upm\LDE.dll
|_ MD5: 0F13A4173A599AAA15E3B270E5E27A7F
|_ Výrobce:
|_ Procesy
|_ upm.exe (3012)



================================================================
Ultimate Process Manager v4.0.0 - [ Lodus Software ]


User
Registered: 20.11.06
Last visit: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by the topic author: 28.06.2008 20:32

For Jebot:
I also tried Avast, but it found nothing.


Experienced user
Registered: 12.06.08
Last visit: 16.09.10
Posts: 440
Topics: 4

Man, I don't see anything there.


Send me the log from ESET SysInspector by e-mail.


Experienced user
Registered: 12.06.08
Last visit: 16.09.10
Posts: 440
Topics: 4

Either something is deceiving us with its name, or we still aren't seeing it. Let's go about it this way:

Do you have any software from Kodak or Alcohol installed?

Keep 1 antivirus and 1 firewall, then send the log from ComboFix.


User
Registered: 20.11.06
Last visit: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by the topic author: 28.06.2008 21:44

From Kodak yes; about Alcohol I don't know.

ComboFix:
ComboFix 08-06-20.4 - pistabaci 2008-06-28 21:18:08.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.178 [GMT 2:00]
Running from: C:\Documents and Settings\pistabaci\Plocha\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\regedit.com
C:\windows\system32\taskmgr.com
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\
.
---- Previous Run -------
.
C:\Program Files\180search assistant\
C:\Program Files\180searchassistant\
C:\Program Files\2search\
C:\Program Files\Accoona\
C:\Program Files\AVSystemCare\
C:\Program Files\bravesentry\
C:\Program Files\ClientMan\
C:\Program Files\CSBB\
C:\Program Files\DriveCleaner Free\
C:\Program Files\e2g\
C:\Program Files\HbTools\
C:\Program Files\Hotbar\
C:\Program Files\IEToolbar\
C:\Program Files\install provider\
C:\Program Files\instant access\
C:\Program Files\Instant Buzz\
C:\Program Files\ipwindows\
C:\Program Files\kuaiso toolsbar\
C:\Program Files\media-codec\
C:\Program Files\mmediacodec\
C:\Program Files\MyWebSearch\
C:\Program Files\newdotnet\
C:\Program Files\p4p\
C:\Program Files\PerfectCleaner\
C:\Program Files\PestTrap\
C:\Program Files\purityscan\
C:\Program Files\regifast\
C:\Program Files\seekmo\
C:\Program Files\SideFind\
C:\Program Files\spamblockerutility\
C:\Program Files\spysheriff\
C:\Program Files\Spytech Software\
C:\Program Files\starware\
C:\Program Files\stc\
C:\Program Files\SurfAccuracy\
C:\Program Files\surfsidekick 3\
C:\Program Files\toolbar888\
C:\Program Files\web buying\
C:\Program Files\webhancer\
C:\Program Files\WhenUSearch\
C:\Program Files\zango\
C:\windows\mc\
C:\windows\mslagent\
C:\windows\msvrc20.dll
C:\windows\wincomp\
C:\windows\winmgts\
C:\windows\wintrim\

.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.

2019-11-26 14:11 . 2008-01-10 21:38 12 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-28 17:25 . 2008-06-28 17:25 26 --a------ C:\WINDOWS\Lic.xxx
2008-06-28 17:02 . 2004-08-17 15:49 147,968 --a------ C:\WINDOWS\R.COM
2008-06-28 17:02 . 2007-05-11 16:27 137,216 --a------ C:\WINDOWS\system32\T.COM
2008-06-28 15:37 . 2008-06-28 15:37 <DIR> d-------- C:\Program Files\ThreatFire
2008-06-27 19:00 . 2008-06-28 21:14 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-27 18:14 . 2008-06-28 14:30 495 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-27 13:57 . 2008-06-27 13:57 <DIR> d-------- C:\Program Files\IObit
2008-06-27 06:28 . 2008-06-27 06:28 <DIR> d-------- C:\Program Files\filehippo.com
2008-06-24 21:54 . 2008-06-24 21:54 <DIR> d-------- C:\Documents and Settings\All Users\ćablony
2008-06-24 21:52 . 2008-06-24 21:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-06-23 20:53 . 2008-06-27 21:01 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-06-23 20:53 . 2008-06-23 20:53 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-22 12:05 . 2008-06-22 12:05 <DIR> d-------- C:\WINDOWS\PC Digital Safe
2008-06-22 10:30 . 2008-06-22 10:30 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenty
2008-06-22 04:28 . 2008-06-22 06:24 <DIR> d-------- C:\Documents and Settings\Administrator\DoctorWeb
2008-06-21 06:09 . 2008-06-23 23:13 <DIR> d-------- C:\Documents and Settings\pistabaci\DoctorWeb
2008-06-21 01:05 . 2008-06-26 15:22 <DIR> d-------- C:\Program Files\Crawler
2008-06-20 23:20 . 2008-06-28 14:40 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2008-06-19 00:31 . 2008-06-18 20:32 267,592 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-06-18 23:43 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-18 23:43 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-18 23:43 . 2008-06-28 07:17 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-18 23:43 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-18 09:08 . 2008-06-18 09:08 <DIR> dr-hs---- C:\WINDOWS\zeta.exe
2008-06-18 06:27 . 2008-06-18 06:45 <DIR> d-------- C:\Program Files\Rapidown
2008-06-17 10:13 . 2008-06-17 10:13 <DIR> d-------- C:\Program Files\SHOUTcast Source
2008-06-17 10:12 . 2008-06-17 10:20 <DIR> d-------- C:\Program Files\Zoom Player
2008-06-17 10:06 . 2008-06-17 10:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 10:06 . 2008-06-17 10:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-16 18:08 . 2008-06-16 18:08 0 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-06-16 07:28 . 2008-06-16 07:28 <DIR> d-------- C:\Program Files\GRETECH
2008-06-14 19:57 . 2008-06-14 19:57 2,560 --a------ C:\WINDOWS\system32\settings.aaw
2008-06-14 19:57 . 2008-06-14 19:57 704 --a------ C:\WINDOWS\system32\history.aaw
2008-06-14 17:19 . 2008-06-14 20:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-11 09:11 . 2008-06-14 19:23 <DIR> d-------- C:\Program Files\abcAVI
2008-06-09 20:46 . 2008-06-16 12:50 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-09 20:44 . 2008-06-09 20:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-08 10:44 . 2008-03-26 11:15 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-06-08 10:43 . 2008-06-08 10:43 <DIR> d-------- C:\Intel
2008-06-04 21:19 . 2008-06-08 06:33 526 --a------ C:\WINDOWS\ATICIM.INI
2008-06-04 20:00 . 2008-06-04 20:00 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-31 09:39 . 2008-05-31 09:39 <DIR> d-------- C:\Program Files\ATI Technologies

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 18:18 --------- d-----w C:\Program Files\IEPro
2008-06-27 16:34 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-06-27 03:30 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-06-26 22:48 --------- d-----w C:\Program Files\FlashFXP
2008-06-26 22:26 --------- d-----w C:\Program Files\Desktop Maestro
2008-06-26 15:17 --------- d-----w C:\Program Files\WhatsRunning
2008-06-25 16:38 --------- d-----w C:\Program Files\ApexDC++
2008-06-24 03:05 --------- d-----w C:\Program Files\Wise Registry Cleaner
2008-06-18 04:16 --------- d-----w C:\Program Files\Ant Movie Catalog
2008-06-17 16:09 --------- d-----w C:\Program Files\Revo Uninstaller
2008-06-16 11:18 --------- d-----w C:\Program Files\Privacy Guardian
2008-06-16 05:19 --------- d-----w C:\Program Files\Google
2008-06-14 18:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-14 17:05 --------- d-----w C:\Program Files\Opera
2008-06-10 04:12 --------- d-----w C:\Program Files\Easy Duplicate Finder
2008-06-04 19:54 --------- d-----w C:\Program Files\GoQ - NetRadio
2008-06-04 19:04 --------- d-----w C:\Program Files\IsoBuster
2008-06-04 06:59 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 07:40 --------- d-----w C:\Program Files\Unlocker
2008-05-31 07:40 --------- d-----w C:\Program Files\CCleaner
2008-05-27 16:14 --------- d-----w C:\Program Files\uTorrent
2008-05-26 16:42 --------- d-----w C:\Program Files\Realtek AC97
2008-05-24 19:02 --------- d-----w C:\Program Files\MGrab
2008-05-22 08:06 --------- d-----w C:\Program Files\SpeedFan
2008-05-22 08:01 --------- d-----w C:\Program Files\SpeedFan(2)
2008-05-20 09:20 --------- d-----w C:\Program Files\Lingea
2008-05-19 13:50 --------- d-----w C:\Program Files\Common Files\GTK
2008-05-16 14:34 --------- d-----w C:\Program Files\Glary Utilities
2008-05-15 04:51 --------- d-----w C:\Program Files\Malware Blocker
2008-05-14 08:18 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 13:31 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 5
2008-05-12 13:23 --------- d-----w C:\Program Files\Common Files\Moonlight
2008-05-12 12:16 --------- d-----w C:\Program Files\Common Files\DBOXII
2008-05-12 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 10:07 --------- d-----w C:\Program Files\Moonlight Cordless
2008-05-12 07:43 --------- d-----w C:\Program Files\VideoInspector
2008-05-08 12:28 202,752 ----a-w C:\windows\system32\drivers\rmcast.sys
2008-05-05 18:46 27,048 ----a-w C:\windows\system32\drivers\mbamcatchme.sys
2008-05-05 18:46 15,864 ----a-w C:\windows\system32\drivers\mbam.sys
2008-05-03 11:55 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-02 04:53 --------- d-----w C:\Program Files\Foxit Software
2008-05-01 07:54 --------- d-----w C:\Program Files\xp-AntiSpy
2008-04-30 14:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 04:44 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-04-23 04:16 826,368 ----a-w C:\windows\system32\wininet.dll
2008-04-14 19:03 8,192 ----a-w C:\ntuser.dat
2008-03-31 21:25 682,496 ----a-w C:\windows\system32\divx.dll
2008-03-29 05:19 9,801,728 -c--a-w C:\windows\system32\atioglx2.dll
2008-03-29 04:40 167,936 ----a-w C:\windows\system32\atiok3x2.dll
2008-03-29 04:05 372,736 -c--a-w C:\windows\system32\ATIDEMGX.dll
2008-03-29 04:04 299,008 ----a-w C:\windows\system32\ati2dvag.dll
2008-03-29 03:56 172,032 ----a-w C:\windows\system32\atipdlxx.dll
2008-03-29 03:56 126,976 -c--a-w C:\windows\system32\Oemdspif.dll
2008-03-29 03:55 43,520 ----a-w C:\windows\system32\ati2edxx.dll
2008-03-29 03:55 26,112 -c--a-w C:\windows\system32\Ati2mdxx.exe
2008-03-29 03:55 126,976 ----a-w C:\windows\system32\ati2evxx.dll
2008-03-29 03:54 536,576 ----a-w C:\windows\system32\ati2evxx.exe
2008-03-29 03:52 53,248 -c--a-w C:\windows\system32\ATIDDC.DLL
2008-03-29 03:43 3,176,480 ----a-w C:\windows\system32\ati3duag.dll
2008-03-29 03:39 307,200 -c--a-w C:\windows\system32\atiiiexx.dll
2008-03-29 03:36 1,765,120 ----a-w C:\windows\system32\ativvaxx.dll
2008-03-29 03:24 46,080 -c--a-w C:\windows\system32\amdpcom32.dll
2008-03-29 03:23 5,439,488 -c--a-w C:\windows\system32\atioglxx.dll
2008-03-29 03:21 393,216 ----a-w C:\windows\system32\atikvmag.dll
2008-03-29 03:19 17,408 -c--a-w C:\windows\system32\atitvo32.dll
2008-03-29 03:12 520,192 ----a-w C:\windows\system32\ati2cqag.dll
2008-03-28 19:05 593,920 ----a-w C:\windows\system32\ati2sgag.exe
2008-03-28 17:41 7,680 ----a-w C:\windows\system32\ff_vfw.dll
2008-01-21 08:34 131,584 -c--a-w C:\Documents and Settings\pistabaci\ClamAVServer.dll
2007-12-05 07:46 320,000 -c--a-w C:\Documents and Settings\pistabaci\Sp_clamsrv.exe
2007-08-27 13:13 5,848 -c--a-w C:\Documents and Settings\pistabaci\xClamAVServerSources.zip
2007-08-21 20:01 638,976 -c--a-w C:\Documents and Settings\pistabaci\libclamav.dll
2007-05-03 01:03 30,208 -c--a-w C:\Documents and Settings\pistabaci\pthreadVC2.dll
2006-10-25 04:17 417,792 -c--a-w C:\Documents and Settings\pistabaci\clamav.dll
2005-09-23 04:56 479,232 -c--a-w C:\Documents and Settings\pistabaci\msvcm80.dll
2005-09-22 21:05 626,688 -c--a-w C:\Documents and Settings\pistabaci\msvcr80.dll
2005-09-22 21:05 548,864 -c--a-w C:\Documents and Settings\pistabaci\msvcp80.dll
2005-01-28 14:15 73,728 -csha-w C:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2004-08-17 13:49 60,416 -csha-w C:\windows\ServicePackFiles\i386\msimn.exe
2006-05-03 09:06 163,328 -csha-r C:\windows\system32\flvDX.dll
2007-12-23 15:57 848 -csha-w C:\windows\system32\KGyGaAvL.sys
2007-02-21 10:47 31,232 -csha-r C:\windows\system32\msfDX.dll
2008-03-15 15:58 32,768 -csha-w C:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2008-03-20 00:36 1267040 --a--c--- C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-17 15:49 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="mHotkey.exe" [2002-07-05 17:37 491008 C:\WINDOWS\mHotkey.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-25 11:39 917504]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-23 20:53 1817600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SharedAccess"=2 (0x2)
"O&O Defrag"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=C:\Program Files\NetLimiter 2 Pro\nlsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"C:\\Program Files\\MGrab\\MGrab.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\DCC-Sony\\DCC.exe"=
"C:\\Documents and Settings\\pistabaci\\Plocha\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"9999:TCP"= 9999:TCP:Strong DC++

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys [2008-04-25 00:52]
R0 TfSysMon;TfSysMon;C:\windows\system32\drivers\TfSysMon.sys [2008-04-25 00:52]
R1 fwdrv;Firewall Driver;C:\windows\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\windows\system32\drivers\khips.sys [2007-04-26 10:21]
R1 nltdi;nltdi;C:\windows\system32\drivers\nltdi.sys [2007-04-23 13:03]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\windows\system32\drivers\sp_rsdrv2.sys [2008-06-23 20:53]
R2 GDTdiInterceptor;GDTdiInterceptor;C:\WINDOWS\system32\drivers\GDTdiIcpt.sys [2007-02-20 21:54]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service []
R3 PSched;Plánovač paketů technologie QoS;C:\windows\system32\DRIVERS\psched.sys [2004-08-03 23:04]
R3 TfNetMon;TfNetMon;C:\windows\system32\drivers\TfNetMon.sys [2008-04-25 00:52]
S3 Avgfwdx;Avgfwdx;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwdx.sys [2008-03-24 22:39]
S3 kvpndev;Kerio VPN adapter;C:\windows\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys [2007-11-06 22:22]
S3 PLFF;USB Flash Disk Driver;C:\windows\system32\Drivers\PLFF.sys [2003-10-06 11:29]
S3 tap0901_2gm;VPN Anonymizer Adapter;C:\windows\system32\DRIVERS\tap0901_2gm.sys [2007-06-21 16:21]
S3 TVICHW32;TVICHW32;C:\windows\system32\DRIVERS\TVICHW32.SYS [2007-01-18 14:38]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\windows\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\windows\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-27 15:22:34 C:\windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2008-06-28 14:30:25 C:\windows\Tasks\Advanced WindowsCare V2 Pro.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe
"2008-06-28 18:00:20 C:\windows\Tasks\AwcProUpdate.job"
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.ex
- C:\Program Files\IObit\Advanced WindowsCare V2 Pro
"2008-06-28 18:56:09 C:\windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-28 19:36:05 C:\windows\Tasks\EasyShare Registration RunOnce Task.job"
- C:\windows\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\DATAAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOfferSilence@16
"2008-06-28 19:36:09 C:\windows\Tasks\GlaryInitialize.job"
- C:\Program Files\Glary Utilities\initialize.exe
"2008-06-15 11:28:07 C:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 07:37:23 C:\windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-06 11:16:04 C:\windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-28 07:32:00 C:\windows\Tasks\Úklid 1 kliknutím.job"


Experienced user
Registered: 12.06.08
Last visit: 16.09.10
Posts: 440
Topics: 4

Has it improved, or is there still some visible problem?


Test this file at www.virustotal.com:

Code:
c:\windows\system32\drivers\vaxscsi.sys


User
Registered: 20.11.06
Last visit: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by the topic author: 28.06.2008 23:20

Sunbelt found VIPRE.Suspicious


Experienced user
Registered: 12.06.08
Last visit: 16.09.10
Posts: 440
Topics: 4

Then the file is OK. Has the problem been solved?


User
Registered: 20.11.06
Last visit: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by the topic author: 29.06.2008 7:02

No, the problem remains. I found a page on the web that probably solves it, but unfortunately I don't know English well enough. Would you take a look at it?

http://www.removeadware.com.au/articles ... gieantivir

I have a working XoftSpySE program.

Thank you


User
Registered: 24.03.07
Last visit: 28.07.16
Posts: 4149
Topics: 251
Location: Michalovce

pistabaci wrote:
No, the problem remains. I found a page on the web that probably solves it, but unfortunately I don't know English well enough. Would you take a look at it?

http://www.removeadware.com.au/articles ... gieantivir

I have a working XoftSpySE program.

Thank you


Quote:
Download, install, and scan your computer. Programs like IE Antivirus will be eliminated forever with regular updates and scans.


Download it, install it, run a scan, and that bastard won't come back.. :)

P.S.: Next time this might help you: http://translate.google.com/translate_t


User
Registered: 20.11.06
Last visit: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by the topic author: 29.06.2008 9:07

Unfortunately, that is not true. After XoftSpySE about 162 files remain that it won't delete, and the problem persists. Isn't there a method described there that works without this program?

I'm already groggy from this...


User
Registered: 24.03.07
Last visit: 28.07.16
Posts: 4149
Topics: 251
Location: Michalovce

http://translate.google.com/translate?u ... l=en&tl=cs

/There are instructions for manual removal there, somewhere at the bottom of the page...


Deleted user

try:
http://www.malwareteks.com/FixIEDef.php

but SaS should also remove that fake for you:
http://www.superantispyware.com/

..download it, update it and run a scan..


User
Registered: 20.11.06
Last visit: 23.04.11
Posts: 37
Topics: 9
Location: Košice
Posted by the topic author: 29.06.2008 10:28

I think we hit the nail on the head
http://www.malwareteks.com/FixIEDef.php
http://www.superantispyware.com/ also found and eliminated about 100 pieces of filth.

yaJohny and the others, great, thank you.

:D

Confirmed: the system runs without problems and all programs work.
Two days of horror are over.

We didn't hit it...........
After one day of peace I'm in it again.

:shit: :shit: :shit:

Well, I managed it via safe mode and Dr.WEB.
Clean so far.

:D

