Pomoc pri odstráneni pravdepodobného vírusu

Keď zapnem počítač tak mi začnú preblikávať ikony so spodnou lištou a potom celkom zmiznú.Spustiť programy sa dá len cez správcu úloh. Používam ESET Smart Security a ten mi pri každej kontrole nájde nejaké infiltrácie ale pri reštarte nenastane žiadna zmena.

Nevedel by mi niekto pomôcť vyriešiť tento problém?

Ahoj,

posli log z Ultimate Process Manageru. Spusti subor _MAKE_LOG_SK.bat, zaskrtaj bežiace procesy, po spustení, moduly, služby, ovládače a cakaj.

ahoj ked som dala otvorit to make_log_SK tak mi vyskocila nejaká chyba: "systém Windows nemôže nájsť súbor "upm.exe."

Rozbalila si stiahnuty subor do jedneho adresara?

sak som to stiahla a otvorila v win rare no a tam som klikla na to make a nic...

Cize nie.

no uz to ide

Fajn a kde je vypis?

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Overení sůborů Microsoftu: Áno
Internet Explorer v6.00.2900.5512 (xpsp.080413-2105)
Log vygenerovaný:22. 8. 2008 13:06:16
================================================================

Test UPM
Testujem funkcie...
NtCreateFile Hooked!
NtWriteFile Hooked!
Opravujem funkcie... OK

Bežiace procesy
================================================================

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\ASWLSVC.EXE
C:\PROGRAM FILES\DU METER\DUMETERSVC.EXE
C:\PROGRAM FILES\ESET\ESET SMART SECURITY\EKRN.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSAUXS.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSSVC.EXE
C:\WINDOWS\SYSTEM32\ASWL2K.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\PCTSTRAY.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
C:\PROGRAM FILES\ESET\ESET SMART SECURITY\EGUI.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\HUAWEI TECHNOLOGIES\MOBILE CONNECT\MOBILE CONNECT.EXE
C:\PROGRAM FILES\WINRAR\WINRAR.EXE
C:\DOCUMENTS AND SETTINGS\BARA\LOCAL SETTINGS\TEMP\RAR$EX49.453\UPM.EXE
C:\PROGRAM FILES\TC UP\TOTALCMD.EXE
E:\UPM\UPM.EXE

Po spustení
================================================================
HKLM RunOnce: 16:20:30 21.08. 2008


HKCU Run
|_ [S][MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
|_ [!][DU Meter] C:\Program Files\DU Meter\DUMeter.exe
|_ [?][OEXPRESS] C:\Documents and Settings\All Users\Application Data\LangSoft\OETRN.EXE
|_ [R][Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

HKLM Run
|_ [?][HControl] C:\WINDOWS\ATK0100\HControl.exe
|_ [?][RTHDCPL] C:\WINDOWS\RTHDCPL.EXE
|_ [?][Alcmtr] C:\WINDOWS\ALCMTR.EXE
|_ [?][ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
|_ [?][Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
|_ [?][Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
|_ [?][SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
|_ [?][ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
|_ [?][ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
|_ [?][Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
|_ [?][SMSERIAL] C:\WINDOWS\sm56hlpr.exe
|_ [R][egui] C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice
|_ [?][OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
|_ [?][PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
|_ [?][QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime
|_ [?][PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
|_ [?][HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

HKU Run
|_ [?][PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

HKLM Winlogon Notify
|_ [?][AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll
|_ [?][ssqRkKdC] C:\WINDOWS\system32\ssqRkKdC.dll

Po spustení
|_ C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
|_ C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
|_ C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


HKLM BHO
|_ [?][{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}] C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
|_ [?][{474C31C5-578B-4192-8562-2E474578DC27}] C:\WINDOWS\system32\ssqRkKdC.dll
|_ [X][{47CEB05F-EB5D-4F43-BA1D-FEF915B36674}] C:\WINDOWS\system32\xxyvwuUK.dll (Súbor nebol nájdený)
|_ [?][{90810D55-8BFD-4787-827F-4F8CCECE4C5D}] C:\WINDOWS\system32\ssqQhhHb.dll

HKCU IE WebBrowser Toolbar
|_ [X][{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}] (Súbor nebol nájdený)

HKCU IE Toolbar
|_ [X][{1E796980-9CC5-11D1-A83F-00C04FC99D61}] (Súbor nebol nájdený)

HKLM IE Toolbar
|_ [?][{BFC32E1D-EE75-4A48-BC60-104E11EE2431}] C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll

Služby (Zobraz bežiace: True, Zobraz zastavené: False, Zobraz i služby Microsoftu: False)
================================================================
[?] ASWLSVC
|_ Cesta: C:\WINDOWS\system32\ASWLSVC.exe
| |_ Výrobca:
| |_ Popis:
| |_ MD5: B0A338125EBB7E34F153A91A32040FAC
|
|_ Meno: ASWLSVC
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ:
|_ Dependency:

[?] Ati HotKey Poller
|_ Cesta: C:\WINDOWS\system32\Ati2evxx.exe
| |_ Výrobca: ATI Technologies Inc.
| |_ Popis: ATI External Event Utility EXE Module
| |_ MD5: 7F8FE2DC29AE418D3DAC8DC6B08953C3
|
|_ Meno: Ati HotKey Poller
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ:
|_ Dependency:

[?] hpqcxs08
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
| |_ Výrobca: Hewlett-Packard Co.
| |_ Popis: HP CUE Context Manager Objects
| |_ MD5: 38D6B51F04DEF7FB248FA56E4C47407E
|
|_ Meno: hpqcxs08
|_ StartName: LocalSystem
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[?] HP CUE DeviceDiscovery Service
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
| |_ Výrobca: Hewlett-Packard Co.
| |_ Popis: HP CUE DeviceDiscovery Service
| |_ MD5: 3EE4A63539EC04EE2D4BD293985087AB
|
|_ Meno: hpqddsvc
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[?] Net Driver HPZ12
|_ Cesta: C:\WINDOWS\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\WINDOWS\system32\HPZinw12.dll
| |_ Výrobca: Hewlett-Packard
| |_ Popis: Dot4Net Module
| |_ MD5: 51C6D8BFBD4EA5B62A1BA7F4469250D3
|
|_ Meno: Net Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Pml Driver HPZ12
|_ Cesta: C:\WINDOWS\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\WINDOWS\system32\HPZipm12.dll
| |_ Výrobca: Hewlett-Packard
| |_ Popis: PmlDrv Module
| |_ MD5: 79834AA2FBF9FE81EEBB229024F6F7FC
|
|_ Meno: Pml Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:


Ovládače (Zobraz bežiace: True, Zobraz zastavené: False, Zobraz i služby Microsoftu: False)
================================================================
[?] ASNDIS5 Protocol Driver
|_ Cesta: C:\WINDOWS\system32\ASNDIS5.SYS
| |_ Výrobca: Printing Communications Assoc., Inc. (PCAUSA)
| |_ Popis: PCAUSA NDIS 5.0 Protocol Driver
| |_ MD5: 05A56C3156E1B6CC7BBD8E1D54D491F2
|
|_ Meno: ASNDIS5
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] ati2mtag
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
| |_ Výrobca: ATI Technologies Inc.
| |_ Popis: ATI Radeon WindowsNT Miniport Driver
| |_ MD5: FD6D77A3070A57308D87A7D57144AAE0
|
|_ Meno: ati2mtag
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] ASUS 802.11 Network Adapter Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
| |_ Výrobca: Broadcom Corporation
| |_ Popis: Broadcom 802.11 Network Adapter wireless driver
| |_ MD5: E7DEBB46B9EF1F28932E533BE4A3D1A9
|
|_ Meno: BCM43XX
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Microsoft UAA Bus Driver for High Definition Audio
|_ Cesta: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
| |_ Výrobca: Windows (R) Server 2003 DDK provider
| |_ Popis: High Definition Audio Bus Driver v1.0a
| |_ MD5: 573C7D0A32852B48F3058CFD8026F511
|
|_ Meno: HDAudBus
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Huawei DataCard USB Modem and USB Serial
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
| |_ Výrobca: Huawei Technologies Co., Ltd.
| |_ Popis: USB Modem/Serial Device Driver
| |_ MD5: 2910A14DD8807FD0E6C263599BDFC520
|
|_ Meno: hwdatacard
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Service for Realtek HD Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\RtkHDAud.sys
| |_ Výrobca: Realtek Semiconductor Corp.
| |_ Popis: Realtek(r) High Definition Audio Function Driver
| |_ MD5: 7C09D605FCAE64E3CB11EBF90FB1E3A1
|
|_ Meno: IntcAzAudAddService
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] AEGIS Protocol (IEEE 802.1x) v2.3.1.9
|_ Cesta: C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
| |_ Výrobca: Meetinghouse Data Communications
| |_ Popis: IEEE 802.1X Protocol Driver
| |_ MD5: D7010580BF4E45D5E793A1FE75758C69
|
|_ Meno: MDC8021X
|_ StartName:
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] ATK0100 ACPI UTILITY
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
| |_ Výrobca:
| |_ Popis: ATK0100 ACPI Utility
| |_ MD5: E333010A50BF603ACC350F6019E9CE02
|
|_ Meno: MTsensor
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] VSO Software pcouffin
|_ Cesta: C:\WINDOWS\System32\Drivers\pcouffin.sys
| |_ Výrobca: VSO Software
| |_ Popis: low level access layer for CD/DVD/BD devices
| |_ MD5: 5B6C11DE7E839C05248CED8825470FEF
|
|_ Meno: pcouffin
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Padus ASPI Shell
|_ Cesta: C:\WINDOWS\system32\drivers\pfc.sys
| |_ Výrobca: Padus, Inc.
| |_ Popis: Padus(R) ASPI Shell
| |_ MD5: 957B82EC80AD7EAD64E5E47DF6B0DC40
|
|_ Meno: pfc
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Direct Parallel Link Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ptilink.sys
| |_ Výrobca: Parallel Technologies, Inc.
| |_ Popis: Parallel Technologies DirectParallel IO Library
| |_ MD5: 80D317BD1C3DBC5D4FE7B1678C60CADD
|
|_ Meno: Ptilink
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] rimsptsk
|_ Cesta: C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
| |_ Výrobca: REDC
| |_ Popis: RICOH MS Driver
| |_ MD5: 1BDBA2D2D402415A78A4BA766DFE0F7B
|
|_ Meno: rimsptsk
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] risdptsk
|_ Cesta: C:\WINDOWS\system32\DRIVERS\risdptsk.sys
| |_ Výrobca: REDC
| |_ Popis: RICOH SD/MMC Driver
| |_ MD5: ACE2CE73D7B04EAC48FB80482E05E770
|
|_ Meno: risdptsk
|_ StartName:
|_ Typ spúšťania: Boot Start
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Realtek 10/100/1000 NIC Family all in one NDIS XP Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
| |_ Výrobca: Realtek Semiconductor Corporation
| |_ Popis: Realtek 10/100/1000 NDIS 5.1 Driver
| |_ MD5: 7988BFE882BCD94199225B5C3482F1BD
|
|_ Meno: RTL8023xp
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] smserial
|_ Cesta: C:\WINDOWS\system32\DRIVERS\smserial.sys
| |_ Výrobca: Motorola Inc.
| |_ Popis: Motorola SM56 Modem WDM Driver
| |_ MD5: CE2E9D6B8C26C38779581CFF1F14B65B
|
|_ Meno: smserial
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Acronis Snapshots Manager
|_ Cesta: C:\WINDOWS\system32\DRIVERS\snapman.sys
| |_ Výrobca: Acronis
| |_ Popis: Acronis Snapshot API
| |_ MD5: 5052DBAFC8F4E4507E6AD0D467DD3529
|
|_ Meno: snapman
|_ StartName:
|_ Typ spúšťania: Boot Start
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] USB2.0 1.3M WebCam
|_ Cesta: C:\WINDOWS\System32\Drivers\SynMini.sys
| |_ Výrobca:
| |_ Popis:
| |_ MD5: 472B9E75DDAB952F0CD37BD9AA3E81F8
|
|_ Meno: SynMini
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] USB2.0 1.3M WebCam Still Image
|_ Cesta: C:\WINDOWS\System32\Drivers\SynScan.sys
| |_ Výrobca:
| |_ Popis:
| |_ MD5: BED9A41E66E9F038AF6D2E487A3F2757
|
|_ Meno: SynScan
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:

[?] Synaptics TouchPad Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\SynTP.sys
| |_ Výrobca: Synaptics, Inc.
| |_ Popis: Synaptics Touchpad Driver
| |_ MD5: 9C29E8E9C1C48E9C8BC38F031DF4720F
|
|_ Meno: SynTP
|_ StartName:
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Kernel Driver
|_ Dependency:


Moduly (Zobraz i DLL Microsoftu: False, Len bez výrobcu: True, Zobraz registrované: False)
================================================================
[!] klg.dat
|_ Cesta: C:\Program Files\Spyware Doctor\klg.dat
|_ MD5: 3419A70E35106939E753181EEA2B3A50
|_ Výrobca: PC Tools
|_ Procesy
|_ CSRSS.EXE (1208)
|_ WINLOGON.EXE (1236)
|_ SERVICES.EXE (1280)
|_ LSASS.EXE (1292)
|_ ATI2EVXX.EXE (1460)
|_ SVCHOST.EXE (1488)
|_ SVCHOST.EXE (1608)
|_ SVCHOST.EXE (1648)
|_ SVCHOST.EXE (1776)
|_ ATI2EVXX.EXE (1944)
|_ SVCHOST.EXE (192)
|_ SPOOLSV.EXE (800)
|_ ASWLSVC.EXE (928)
|_ DUMeterSvc.exe (956)
|_ EKRN.EXE (1132)
|_ SVCHOST.EXE (1160)
|_ SVCHOST.EXE (1340)
|_ SVCHOST.EXE (1756)
|_ pctsAuxs.exe (1800)
|_ ASWL2K.EXE (436)
|_ SVCHOST.EXE (1144)
|_ pctsTray.exe (1200)
|_ WDFMGR.EXE (1412)
|_ ALG.EXE (3160)
|_ taskmgr.exe (1024)
|_ egui.exe (760)
|_ firefox.exe (3128)
|_ Mobile Connect.exe (424)
|_ WinRAR.exe (3628)
|_ upm.exe (2588)
|_ TOTALCMD.EXE (3928)
|_ upm.exe (984)

[?] ssqrkkdc.dll
|_ Cesta: C:\WINDOWS\System32\ssqRkKdC.dll
|_ MD5: 3D5D5DC0E95D63AB833503367DFECC79
|_ Výrobca:
|_ Procesy
|_ WINLOGON.EXE (1236)
|_ pctsSvc.exe (312)
|_ taskmgr.exe (1024)
|_ firefox.exe (3128)
|_ WinRAR.exe (3628)
|_ TOTALCMD.EXE (3928)

[?] ssqqhhhb.dll
|_ Cesta: C:\WINDOWS\System32\ssqQhhHb.dll
|_ MD5: 28C5A9C0FC810710F07AD17BFF2C9E82
|_ Výrobca:
|_ Procesy
|_ LSASS.EXE (1292)
|_ firefox.exe (3128)

[?] mdimon.dll
|_ Cesta: C:\WINDOWS\System32\MDIMON.DLL
|_ MD5: CF0376023360AADD55C89BA50564AFDC
|_ Výrobca: Microsoft Corporation
|_ Procesy
|_ SPOOLSV.EXE (800)

[?] sqlite3.dll
|_ Cesta: C:\Program Files\DU Meter\SQLite3.dll
|_ MD5: 71CB552FA6D2E4A874712D801B6081B2
|_ Výrobca: Hagel Technologies Ltd
|_ Procesy
|_ DUMeterSvc.exe (956)
|_ firefox.exe (3128)

[?] hpqddsvc.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\BIN\HPQDDSVC.DLL
|_ MD5: 3EE4A63539EC04EE2D4BD293985087AB
|_ Výrobca: Hewlett-Packard Co.
|_ Procesy
|_ SVCHOST.EXE (1160)

[?] hpqcxs08.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\BIN\hpqcxs08.dll
|_ MD5: 38D6B51F04DEF7FB248FA56E4C47407E
|_ Výrobca: Hewlett-Packard Co.
|_ Procesy
|_ SVCHOST.EXE (1160)

[?] hpqddcmn.dll
|_ Cesta: C:\Program Files\HP\Digital Imaging\BIN\HPQDDCMN.DLL
|_ MD5: 5B973EA48E154C83ADF42D0A0F57BB29
|_ Výrobca: Hewlett-Packard Co.
|_ Procesy
|_ SVCHOST.EXE (1160)

[!] pctoolscomponents.bpl
|_ Cesta: C:\Program Files\Spyware Doctor\PCToolsComponents.bpl
|_ MD5: 1CAF8B4BC90137D4A83E2D2EA056B7F2
|_ Výrobca: PC Tools
|_ Procesy
|_ pctsSvc.exe (312)
|_ pctsTray.exe (1200)

[!] rtl100.bpl
|_ Cesta: C:\Program Files\Spyware Doctor\RTL100.BPL
|_ MD5: E016DADBA1DD3C5EF41A8F70D3DC64A0
|_ Výrobca: Borland Software Corporation
|_ Procesy
|_ pctsSvc.exe (312)
|_ pctsTray.exe (1200)

[!] vcl100.bpl
|_ Cesta: C:\Program Files\Spyware Doctor\VCL100.BPL
|_ MD5: 74B6B0BEAC3DC80201383B8699AD694E
|_ Výrobca: Borland Software Corporation
|_ Procesy
|_ pctsSvc.exe (312)
|_ pctsTray.exe (1200)

[?] asusw32n50.dll
|_ Cesta: C:\WINDOWS\System32\ASUSW32N50.dll
|_ MD5: D3302D3363F6B5FAC5E1BCB4DAFE45BB
|_ Výrobca: Printing Communications Assoc., Inc. (PCAUSA)
|_ Procesy
|_ ASWL2K.EXE (436)

[?] nswebff15.dll
|_ Cesta: C:\Documents and Settings\Bara\Application Data\Mozilla\Firefox\Profiles\0hcwninf.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}\components\nsWebFF15.dll
|_ MD5: 4ED7AC997A8232276609E69620F9DCE7
|_ Výrobca:
|_ Procesy
|_ firefox.exe (3128)

[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\SOFTOKN3.DLL
|_ MD5: 97E2501FF70553DD4C6CC34BBB3A0E5F
|_ Výrobca: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3128)

[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\FREEBL3.DLL
|_ MD5: 6B10550346C7EA1C96513F5F53E5BA87
|_ Výrobca: Mozilla Foundation
|_ Procesy
|_ firefox.exe (3128)

[?] hostapi.dll
|_ Cesta: C:\Program Files\Huawei technologies\Mobile Connect\HostAPI.dll
|_ MD5: 63C64360FAA2BD2EB5B3A08FEBA3B54B
|_ Výrobca:
|_ Procesy
|_ Mobile Connect.exe (424)

[?] mfc71u.dll
|_ Cesta: C:\Program Files\Huawei technologies\Mobile Connect\MFC71U.DLL
|_ MD5: 7B93C623333F121DC9E689CCB1B7A733
|_ Výrobca: Microsoft Corporation
|_ Procesy
|_ Mobile Connect.exe (424)

[?] msvcp71.dll
|_ Cesta: C:\Program Files\Huawei technologies\Mobile Connect\MSVCP71.DLL
|_ MD5: 561FA2ABB31DFA8FAB762145F81667C2
|_ Výrobca: Microsoft Corporation
|_ Procesy
|_ Mobile Connect.exe (424)
|_ WinRAR.exe (3628)

[X] rarlng.dll
|_ Cesta: C:\Program Files\WinRAR\RARLNG.DLL
|_ MD5: E3C929FD21722CB2320AA20A5692B02D
|_ Výrobca:
|_ Procesy
|_ WinRAR.exe (3628)

[?] pcscm.dll
|_ Cesta: C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.DLL
|_ MD5: CA33B4B0AAFE8C667B330738C8623A61
|_ Výrobca: Nokia
|_ Procesy
|_ WinRAR.exe (3628)

[?] connapi.dll
|_ Cesta: C:\Program Files\PC Connectivity Solution\ConnAPI.dll
|_ MD5: 3A42E0CE06B4AD78C07C80A419AD039C
|_ Výrobca: Nokia.
|_ Procesy
|_ WinRAR.exe (3628)

[?] phonebrowser.dll
|_ Cesta: C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
|_ MD5: D1D12242118CCEF2E2279DF2182CA2D6
|_ Výrobca: Nokia
|_ Procesy
|_ WinRAR.exe (3628)

[?] msvcr71.dll
|_ Cesta: C:\WINDOWS\System32\MSVCR71.DLL
|_ MD5: 86F1895AE8C5E8B17D99ECE768A70732
|_ Výrobca: Microsoft Corporation
|_ Procesy
|_ WinRAR.exe (3628)

[?] upm.dll
|_ Cesta: C:\Documents and Settings\Bara\Local Settings\Temp\Rar$EX49.453\upm.dll
|_ MD5: E05FF49F7AFDC60A1FB1A5D8189DD6D3
|_ Výrobca: Lodus Software
|_ Procesy
|_ upm.exe (2588)
|_ upm.exe (984)

[!] prjxtab.ocx
|_ Cesta: C:\Documents and Settings\Bara\Local Settings\Temp\Rar$EX29.718\prjXTab.ocx
|_ MD5: DE745F09FC7C607841519AD559C33AC3
|_ Výrobca: xyz
|_ Procesy
|_ upm.exe (2588)
|_ upm.exe (984)

[?] pdfshell.dll
|_ Cesta: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
|_ MD5: 4B0991CD076B617A2231B19A6663C1C9
|_ Výrobca: Adobe Systems, Inc.
|_ Procesy
|_ TOTALCMD.EXE (3928)

[X] lde.dll
|_ Cesta: E:\upm\LDE.dll
|_ MD5: 0F13A4173A599AAA15E3B270E5E27A7F
|_ Výrobca:
|_ Procesy
|_ upm.exe (984)


Výpis súborov
================================================================
\System32:
[?] mscoree.dll 12 ncmpny, {0000AEE9}
[?] ACDSee.scr ACDSEE.SCR 7 no vrfy, {00088057}
[?] msvcr70.dll 12 ncmpny, {00035967}
[?] HHActiveX.dll HHACTI~1.DLL 7 no vrfy, {0006D057}
[?] msvci70.dll 12 ncmpny, {000001D2}
[?] mfc70.dll 12 ncmpny, {0001CEE7}
[?] mfc70u.dll 12 ncmpny, {0001DF1E}
[?] msvcp70.dll 12 ncmpny, {00000C99}
[?] ACDV.dll 7 no vrfy, {00071057}
[X] UNACEV2.DLL 100 ncmpny, cx (AUTO)?, {00012057}
[X] BASSMOD.dll 100 ncmpny, cx ()?, {00008653}
[?] MSRDO20.DLL 12 ncmpny, {00003065}
[?] RDOCURS.DLL 12 ncmpny, {00008D97}
[?] MSSTKPRP.DLL 12 ncmpny, {0000E98C}
[?] VSFLEX3.OCX 7 no vrfy, {00077EE3}
[?] mdimon.dll 12 ncmpny, {000001F6}
[?] java.exe 7 no vrfy, {00021057}
[?] javaw.exe 7 no vrfy, {00021057}
[?] javaws.exe 7 no vrfy, {00022057}
[?] javacpl.cpl 14 no vrfy, {00012057}
[?] VB6STKIT.DLL 12 ncmpny, {00018E57}
[!] BORLNDMM.dll 63 no vrfy, cx (CODE)?, {00008C89}
[?] QuickTime.qts QUICKT~1.QTS 7 no vrfy, {0000C057}
[?] QuickTimeVR.qtxQUICKT~1.QTX 7 no vrfy, {00010057}
[?] CddbCdda.dll CDDBCDDA.DLL 7 no vrfy, {00031857}
[?] hpzipt12.dll 7 no vrfy, {00011CDC}
[?] hpzisn12.dll 7 no vrfy, {00017116}
[?] HPZidr12.dll HPZIDR12.DLL 7 no vrfy, {0000149D}
[?] msxml4.dll 12 ncmpny, {0007233D}
[?] HPZipm12.dll HPZIPM12.DLL 7 no vrfy, {000159DB}
[?] HPZinw12.dll HPZINW12.DLL 7 no vrfy, {00013D5E}
[?] HPZipr12.dll HPZIPR12.DLL 7 no vrfy, {0000565D}
[?] ssqRkKdC.dll SSQRKKDC.DLL 12 ncmpny, {0001F5AF}
[?] ssqQhhHb.dll SSQQHHHB.DLL 12 ncmpny, {00071E9E}
[?] mscories.dll 12 ncmpny, {0003D5AC}
[?] atl71.dll 12 ncmpny, {00015C57}
[?] msvcp71.dll 12 ncmpny, {000FC529}
[?] mfc71.dll 12 ncmpny, {0000C15F}
[?] mfc71u.dll 12 ncmpny, {001F0557}
[?] capicom.dll 12 ncmpny, {000F259D}
[?] ChCfg.exe CHCFG.EXE 12 ncmpny, {0000A057}
[?] ISUSPM.cpl 14 no vrfy, {00012057}
[?] msvcr71.dll 12 ncmpny, {0000A1BE}
[?] wcourier.exe 12 ncmpny, {000F1057}
[?] ASUSW32N50.dll ASUSW3~1.DLL 7 no vrfy, {0000F057}
[?] ClientCpl.cpl CLIENT~1.CPL 12 ncmpny, {00022A57}
[?] ASWL2K.exe 12 ncmpny, {0007E057}
[?] ASWLSVC.exe 12 ncmpny, {00079457}
[?] RemSvc.exe REMSVC.EXE 7 no vrfy, {00027004}
[?] snapapi.dll 7 no vrfy, {00031057}
[?] AutoPartNt.exe AUTOPA~1.EXE 7 no vrfy, {0001AB5B}

\Drivers:
[?] pfc.sys 14 no vrfy, {0000ECCC}
[?] pcouffin.sys 14 no vrfy, {00011797}
[?] vd_filedisk.sys VD_FIL~1.SYS 14 no vrfy, {00007217}
[?] scdemu.sys 14 no vrfy, {0001A529}
[?] MMIOPORT.SYS 12 ncmpny, {0000AF6B}
[?] ipswuio.sys 14 no vrfy, {00019A30}
[?] ASLM75.SYS 12 ncmpny, {0000C5F8}
[?] mdc8021x.sys 14 no vrfy, {0000738A}
[?] snapman.sys 7 no vrfy, {0003E7A6}


================================================================
Ultimate Process Manager v4.1.0 - [ Lodus Software ]

hadam je to to, čo si chcel.

http://www.eset.sk/databaza-znalosti/od ... ll-kniznic

Bod 5, pouzi UnDLL a zmaz nim tieto subory:

C:\WINDOWS\system32\ssqRkKdC.dll
C:\WINDOWS\system32\ssqQhhHb.dll

no musíš mi polopate vysvetliť ako to mam vymazat. bo ked dam tu prisposobenu kontrolu a najdem tie subory tak tam nemam moznost vymazat len kontrolovať, a je tam všetko zaškrknuté

no už som na to prišla dik za pomoc po reštarte je už všetko ako má byť. moc pekne dakujem. keby nahodou sa niečo podobne zopakovalo môžem sa ozvať?

Jo, ozvi sa keby nieco.

inak pouzit mozes aj progrma dr.web je velmi dobry a pmohol aj mne..

Zabudol si na dolezity fakt, ktorym je detekcia/nedetekcia.