Explorer.exe - Application not found

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

VacVol
newbie
Posts: 3
Joined: June 09
Gender: Male
Status: Offline

Explorer.exe - Application not found

Post by VacVol » 25 Jun 2009 21:07

Hello, thank you in advance for your help. I tried to clean my notebook of the VIRUT virus, and it seems to have worked. However, not without consequences. I cannot open the control panels; the message "Explorer.exe - Application not found" appears. Thank you for any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:34, on 25.6.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\OEM04Mon.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Translate Client\translateclient.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\Program Files\Internet Explorer\IEProRs.dll/easyhome.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Poskytovatel aplikace Internet Explorer: Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\Internet Explorer\iepro.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: is-10HE3.lnk = C:\Users\VV\Desktop\Virus Removal Tool\is-10HE3\startup.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Translate Client.lnk = C:\Program Files\Translate Client\translateclient.exe
O8 - Extra context menu item: Download with Rapget - C:\C\RapGet\rapget.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Internet Explorer\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\Internet Explorer\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Internet Explorer\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\Internet Explorer\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.cz/s/v/45.16/uploader2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Windows\Installer\MSI542E.tmp
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 13953 bytes

jaro3
Security team member
Guru Level 15
Posts: 43294
Joined: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Explorer.exe - Application not found

Post by jaro3 » 26 Jun 2009 07:55

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program has finished, a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.


Start - Run - type: notepad. Paste this entire text into it:

Code:

dir \explorer.exe /a h /s > File.txt

Save it to the desktop with the name: find.bat (file type: all files)
Find it on the desktop, double-click it and wait until the window closes and file.txt appears.
Then paste the entire text of that file here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Explorer.exe - Application not found

Post by VacVol » 26 Jun 2009 10:36

Thanks for the reply.

Log from Malwarebytes:

Malwarebytes' Anti-Malware 1.38
Verze databáze: 2337
Windows 6.0.6001 Service Pack 1

26.6.2009 10:19:04
mbam-log-2009-06-26 (10-19-04).txt

Typ skenu: Rychlý sken
Objektu skenováno: 90429
Uplynulý cas: 7 minute(s), 37 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
c:\Windows\System32\~.tmp (Trojan.Agent) -> Quarantined and deleted successfully.



Output of file.txt:
Svazek v jednotce C je OS.
Sériové číslo svazku je CE0B-997B.

Výpis adresáře C:\Windows

29.10.2008 08:29 2 927 104 explorer.exe
Souborů: 1, Bajtů: 2 927 104

Výpis adresáře C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a

19.12.2007 23:36 2 923 520 explorer.exe
Souborů: 1, Bajtů: 2 923 520

Výpis adresáře C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3

29.10.2008 08:20 2 923 520 explorer.exe
Souborů: 1, Bajtů: 2 923 520

Výpis adresáře C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf

19.12.2007 23:36 2 923 520 explorer.exe
Souborů: 1, Bajtů: 2 923 520

Výpis adresáře C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b

28.10.2008 04:15 2 923 520 explorer.exe
Souborů: 1, Bajtů: 2 923 520

Výpis adresáře C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf

19.01.2008 09:33 2 927 104 explorer.exe
Souborů: 1, Bajtů: 2 927 104

Výpis adresáře C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8

29.10.2008 08:29 2 927 104 explorer.exe
Souborů: 1, Bajtů: 2 927 104

Výpis adresáře C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1

30.10.2008 05:59 2 927 616 explorer.exe
Souborů: 1, Bajtů: 2 927 616

THANK YOU!!

Re: Explorer.exe - Application not found

Post by jaro3 » 26 Jun 2009 10:53

So run MbAM again and click Scan
- when the program has finished, a message will appear, so click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed, so post it here.
- then choose OK in the program and close the program via Exit

You can then paste the MbAM log here.

Disable the resident protection in AVG.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Explorer.exe - Application not found

Post by VacVol » 26 Jun 2009 13:34

Thank you, I am sending the logs:


MbAM:

Malwarebytes' Anti-Malware 1.38
Verze databáze: 2337
Windows 6.0.6001 Service Pack 1

26.6.2009 11:43:24
mbam-log-2009-06-26 (11-43-24).txt

Typ skenu: Rychlý sken
Objektu skenováno: 91029
Uplynulý cas: 8 minute(s), 31 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)


ComboFix:

ComboFix 09-06-25.05 - VV 26.06.2009 13:07.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.420.1029.18.2045.940 [GMT 2:00]
Spuštěný z: c:\users\VV\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\Drivers\vgoejfys.sys
c:\windows\system32\xtkdhyir.dll

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_USBDriver
-------\Service_vbaeudi


((((((((((((((((((((((((( Soubory vytvořené od 2009-05-26 do 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-26 11:12 . 2009-06-26 11:12 -------- d-----w- c:\users\VV\AppData\Local\temp
2009-06-26 08:32 . 2009-06-26 08:32 -------- d-----w- c:\users\VV\AppData\Local\UGS
2009-06-26 08:10 . 2009-06-26 08:10 -------- d-----w- c:\users\VV\AppData\Roaming\Malwarebytes
2009-06-26 08:10 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 08:10 . 2009-06-26 08:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 08:10 . 2009-06-26 08:10 -------- d-----w- c:\programdata\Malwarebytes
2009-06-26 08:10 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 08:09 . 2009-06-26 08:09 3561744 ----a-w- C:\mbam-setup.exe
2009-06-25 20:36 . 2009-06-25 20:43 -------- d-----w- C:\rsit
2009-06-25 18:49 . 2009-06-25 18:49 -------- d-----w- c:\program files\Trend Micro
2009-06-25 18:46 . 2009-06-25 18:49 812344 ----a-w- C:\HJTInstall.exe
2009-06-25 17:51 . 2009-06-25 17:51 8815552 ----a-w- C:\windows-kb890830-v2.11.exe
2009-06-25 11:34 . 2009-06-26 11:02 117760 ----a-w- c:\users\VV\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-25 11:33 . 2009-06-25 11:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-06-25 11:29 . 2009-06-25 11:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-25 11:29 . 2009-06-25 11:29 -------- d-----w- c:\users\VV\AppData\Roaming\SUPERAntiSpyware.com
2009-06-25 11:25 . 2009-06-25 11:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-25 11:20 . 2009-06-25 11:21 6568480 ----a-w- C:\SUPERAntiSpyware.exe
2009-06-25 08:59 . 2009-06-25 08:59 -------- d-----w- c:\programdata\is-10HE3
2009-06-25 08:58 . 2009-06-26 11:11 29081632 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-25 08:58 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\42808240.sys
2009-06-25 08:15 . 2009-06-26 08:14 790 ----a-w- c:\windows\system32\xtkdhyir.dat
2009-06-25 08:00 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-25 07:59 . 2009-06-25 07:59 -------- d-----w- c:\program files\Panda Security
2009-06-25 07:57 . 2009-06-25 07:57 23975456 ----a-w- C:\sdstart.exe
2009-06-25 07:50 . 2009-06-25 07:50 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-06-25 07:50 . 2009-06-25 07:50 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-06-25 07:50 . 2009-06-25 07:50 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-25 07:50 . 2009-06-25 18:47 -------- d-----w- c:\users\VV\AppData\Roaming\Spyware Terminator
2009-06-25 07:50 . 2009-06-25 18:47 -------- d-----w- c:\program files\Spyware Terminator
2009-06-25 07:50 . 2009-06-25 08:57 -------- d-----w- c:\programdata\Spyware Terminator
2009-06-24 22:15 . 2009-06-24 22:16 2734080 ----a-w- C:\rmvirut.exe
2009-06-24 17:27 . 2009-06-24 17:27 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-06-24 17:07 . 2009-06-24 17:30 -------- d-----w- c:\program files\AutoCAD 2008
2009-06-24 16:31 . 2009-06-24 16:31 -------- d-----w- c:\users\VV\AppData\Roaming\Nero
2009-06-24 16:10 . 2009-06-24 16:22 -------- d-----w- c:\program files\Nero
2009-06-24 16:09 . 2009-06-24 16:23 -------- d-----w- c:\program files\Common Files\Nero
2009-06-24 16:09 . 2009-06-24 16:14 -------- d-----w- c:\programdata\Nero
2009-06-24 16:08 . 2008-08-20 03:33 1315328 ----a-w- c:\windows\system32\ole32.dll
2009-06-22 06:37 . 2009-06-17 09:20 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-06-19 09:53 . 2009-06-23 08:25 -------- d-----w- c:\users\VV\AppData\Roaming\SolidDocuments
2009-06-19 09:53 . 2009-01-30 18:57 13568 ----a-w- c:\windows\system32\solidlocalui.dll
2009-06-19 09:53 . 2009-01-30 18:57 21248 ----a-w- c:\windows\system32\solidlocalmon.dll
2009-06-19 09:53 . 2009-06-19 09:53 -------- d-----w- c:\program files\SolidDocuments
2009-06-19 09:53 . 2009-06-19 09:53 -------- d-----w- c:\programdata\SolidDocuments
2009-06-19 09:38 . 2009-06-19 09:38 -------- d-----w- c:\program files\SomePDF
2009-06-19 09:20 . 2009-06-19 09:20 -------- d-----w- c:\users\VV\AppData\Local\ABBYY
2009-06-19 09:18 . 2009-06-19 10:11 -------- d-----w- c:\programdata\ABBYY
2009-06-19 09:15 . 2009-06-19 09:16 -------- d-----w- c:\temp\pdftr30
2009-06-19 09:15 . 2009-06-19 09:15 -------- d-----w- C:\temp
2009-06-18 11:12 . 2009-06-23 12:35 -------- d-----w- C:\Z-Z
2009-06-18 07:04 . 2009-06-18 07:04 -------- d-----w- c:\users\VV\AppData\Roaming\translateclient
2009-06-18 07:04 . 2009-06-18 07:04 -------- d-----w- c:\program files\Translate Client
2009-06-17 10:50 . 2009-06-18 07:03 -------- d-----w- c:\users\VV\AppData\Roaming\gtc
2009-06-17 10:50 . 2009-06-18 07:04 -------- d-----w- c:\program files\Google Translate Client
2009-06-17 09:20 . 2009-06-11 07:44 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-17 09:20 . 2009-06-11 07:44 1261344 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-06-17 09:20 . 2009-06-11 07:44 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-06-15 19:37 . 2009-06-25 18:06 -------- d-----w- C:\--
2009-06-14 13:38 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 13:38 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-11 08:14 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 08:14 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 08:12 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-11 08:12 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-11 08:11 . 2009-06-02 11:38 1004800 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2009-06-11 07:57 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 07:47 . 2009-06-11 08:11 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-11 07:44 . 2009-06-11 07:42 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 11:00 . 2008-11-19 14:56 131154 ----a-w- c:\programdata\nvModes.dat
2009-06-26 09:55 . 2009-06-25 08:58 222452 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-26 09:55 . 2007-12-10 20:11 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-25 17:40 . 2008-10-26 20:59 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-25 11:51 . 2008-05-26 20:03 20480 ----a-w- c:\windows\system32\RacAgent.exe
2009-06-25 09:09 . 2008-05-26 20:03 311808 ----a-w- c:\windows\system32\unregmp2.exe
2009-06-25 09:08 . 2008-05-26 20:04 408576 ----a-w- c:\windows\system32\msinfo32.exe
2009-06-25 09:07 . 2008-05-26 20:04 485376 ----a-w- c:\windows\system32\mspaint.exe
2009-06-25 05:14 . 2009-02-18 08:36 -------- d-----w- c:\programdata\avg8
2009-06-25 00:57 . 2009-05-20 12:29 -------- d-----w- c:\program files\WinHTTrack
2009-06-25 00:56 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-25 00:56 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-25 00:53 . 2008-07-20 20:00 -------- d-----w- c:\program files\PSPad editor
2009-06-25 00:48 . 2008-02-03 00:05 -------- d-----w- c:\program files\InterVideo Information Service
2009-06-25 00:46 . 2007-12-10 20:28 -------- d-----w- c:\program files\Fingerprint Reader Suite
2009-06-25 00:41 . 2008-07-20 19:42 -------- d-----w- c:\program files\Avidemux 2.4
2009-06-24 17:51 . 2008-12-20 23:02 -------- d-----w- c:\users\VV\AppData\Roaming\uTorrent
2009-06-24 17:37 . 2008-09-16 07:45 -------- d-----w- c:\programdata\Autodesk
2009-06-24 17:37 . 2008-02-02 23:12 157576 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-06-24 17:30 . 2008-09-16 07:43 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-06-24 17:07 . 2008-09-16 07:43 -------- d-----w- c:\users\VV\AppData\Roaming\Autodesk
2009-06-24 17:05 . 2008-09-16 07:43 -------- d-----w- c:\program files\Autodesk
2009-06-19 10:10 . 2007-01-08 21:15 602092 ----a-w- c:\windows\system32\perfh005.dat
2009-06-19 10:10 . 2007-01-08 21:15 116204 ----a-w- c:\windows\system32\perfc005.dat
2009-06-19 09:24 . 2008-11-19 11:22 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 09:20 . 2008-01-09 15:33 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-14 15:14 . 2008-01-09 14:48 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 07:44 . 2009-02-18 08:37 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-09 15:00 . 2008-10-20 15:56 -------- d-----w- c:\program files\Canon
2009-05-27 16:27 . 2008-11-04 10:29 -------- d-----w- c:\users\VV\AppData\Roaming\U3
2009-05-25 12:01 . 2009-05-25 12:01 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2009-05-21 12:55 . 2009-05-21 12:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-05-21 12:40 . 2009-05-21 12:40 -------- d-----w- c:\program files\Windows Mobile Resources
2009-05-15 06:02 . 2009-05-15 06:02 2373416 ----a-w- c:\programdata\Nero\Nero\DrWeb\DrWeb32.dll
2009-05-15 05:50 . 2009-05-15 05:50 2373416 ----a-w- c:\programdata\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-05-09 19:09 . 2008-07-08 20:12 -------- d-----w- c:\program files\TagRename
2009-05-05 10:34 . 2008-06-22 19:20 -------- d-----w- c:\users\VV\AppData\Roaming\GARMIN
2009-05-05 10:25 . 2009-05-05 10:25 -------- d-----w- c:\program files\DIFX
2009-05-05 10:24 . 2009-05-05 10:24 -------- d-----w- c:\program files\Garmin
2009-04-29 16:15 . 2008-01-09 14:55 -------- d-----w- c:\program files\Microsoft Works
2009-04-27 14:30 . 2009-04-27 14:30 -------- d-----w- c:\program files\Western Digital Corporation
2009-04-26 07:47 . 2009-02-18 08:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-26 07:47 . 2009-02-18 08:36 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-04-26 07:47 . 2009-02-18 08:38 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-26 07:47 . 2009-02-18 08:38 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2007-12-10 20:25 . 2007-12-10 20:25 76 --sh--r- c:\windows\CT4CET.bin
2008-01-06 19:31 . 2008-01-06 19:14 48 --sh--w- c:\windows\S44FAC2BD.tmp
2007-12-11 04:05 . 2007-12-11 03:56 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 11:38 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-06-12 2952128]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-06-25 3055616]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 857648]
"OEM04Mon.exe"="c:\windows\OEM04Mon.exe" [2007-08-29 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-12-10 77824]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-03-20 213936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-11 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

c:\users\VV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-10HE3.lnk - c:\users\VV\Desktop\Virus Removal Tool\is-10HE3\startup.exe [2009-6-25 65536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
Translate Client.lnk - c:\program files\Translate Client\translateclient.exe [2009-6-9 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 23:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^VV^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MotionBased Agent.lnk]
path=c:\users\VV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MotionBased Agent.lnk
backup=c:\windows\pss\MotionBased Agent.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-791789707-3389433173-3822991662-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AE12A8CC-5823-4112-811F-8D50C5AC43F4}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{17E1D17D-1150-4BF6-ACE9-A3072F5C4FB9}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{6F397137-FD9C-4B13-9CDB-0DB239387CD4}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{EA13C144-71CD-41F5-955F-44C8BC96A385}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{58C85816-D8C6-4AB5-8E81-27069E5B6436}c:\\totalcmd\\totalcmd.exe"= UDP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{85333C8A-DBC8-4888-B895-64B7073FF045}c:\\totalcmd\\totalcmd.exe"= TCP:c:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"{D1A40EC8-302E-4A6D-9743-9BC87E24B07C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2F3252B9-E746-4545-8FEB-B017656F2A2D}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F0E2E1AC-3CEF-4F1C-A95C-6F876D3E3C58}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{867C6842-9D4F-4744-B7E9-F6364B0AAC3F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBEDEF9D-BC94-42AC-BBAB-EA955786EC79}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{FE6B0B67-92EC-458C-8C69-FFECB4DB3B50}c:\\program files\\microsoft office\\office12\\groove.exe"= UDP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
"UDP Query User{55D94683-3D59-4365-B556-7EE5CB42F310}c:\\program files\\microsoft office\\office12\\groove.exe"= TCP:c:\program files\microsoft office\office12\groove.exe:Microsoft Office Groove
"TCP Query User{5933E165-E28A-49F2-8521-297A0D7497F2}c:\\program files\\microsoft office\\office12\\outlook.exe"= UDP:c:\program files\microsoft office\office12\outlook.exe:Microsoft Office Outlook
"UDP Query User{A5525DC9-A7AE-4704-A28B-7BF391E7EBE1}c:\\program files\\microsoft office\\office12\\outlook.exe"= TCP:c:\program files\microsoft office\office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{F98120B1-72BC-495B-BA9F-80DEF8B6F454}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{4BEEAEB0-7507-4284-9F75-52B576A33EE7}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD
"TCP Query User{5C075BEE-D3F7-4737-B8AF-D1A1AF58E7C0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B896ABF1-D504-45D6-96E3-E3ABEE96ADFD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FDAF446E-3EA6-4296-97C1-A18776FF2A14}"= c:\program files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{619E0490-DC8B-4018-973A-4EFCCF8BF81E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7556972E-398B-483F-85F0-E40A5F30B098}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2756B58-838A-4FB5-9F12-DC6D49FCE656}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{569C1111-AEE5-43E8-949E-BC2BC42CA0A8}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{19F699E9-668C-47DA-810F-6EFA3C145BB4}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{F766FED7-769C-4F6F-9C1E-4FA0486CE878}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"TCP Query User{CC41D3E0-EF6D-4A51-B3E8-20C3CC9281A4}c:\\program files\\canon\\color network scangear\\sgtool.exe"= UDP:c:\program files\canon\color network scangear\sgtool.exe:SGTOOL
"UDP Query User{2EDFDB87-A1C9-46D7-93A6-16B21EC06A3F}c:\\program files\\canon\\color network scangear\\sgtool.exe"= TCP:c:\program files\canon\color network scangear\sgtool.exe:SGTOOL
"{6706327F-A94E-4052-B75D-F856AEEC7EF3}"= UDP:c:\program files\Canon\DIAS\CnxDIAS.exe:Canon Driver Information Assist Service
"{56C4D9CB-629F-47A9-9457-399D8FC7F634}"= TCP:c:\program files\Canon\DIAS\CnxDIAS.exe:Canon Driver Information Assist Service
"TCP Query User{9AC85E84-4E5E-4A48-A902-1C5DED2A6C18}c:\\program files\\canon\\color network scangear\\sgtool.exe"= UDP:c:\program files\canon\color network scangear\sgtool.exe:SGTOOL
"UDP Query User{8AF7D7E1-38ED-4B24-A2AB-2ECBF7B7052D}c:\\program files\\canon\\color network scangear\\sgtool.exe"= TCP:c:\program files\canon\color network scangear\sgtool.exe:SGTOOL
"TCP Query User{F6BA8295-95AD-4354-8371-1E422DB2EC51}c:\\program files\\internet explorer\\minidm.exe"= UDP:c:\program files\internet explorer\minidm.exe:MiniDM
"UDP Query User{D73886FC-EBD3-4148-8676-3C6AA7D4C1C1}c:\\program files\\internet explorer\\minidm.exe"= TCP:c:\program files\internet explorer\minidm.exe:MiniDM
"TCP Query User{46489EA3-3145-4197-B1EC-F07E9C731516}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{88BA503B-8146-49EA-9DA2-0B4820485F1E}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{E07EE652-1428-4502-AD0D-49A90EC563B4}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{A4153EC5-21A4-4F7B-9819-AB15FADEC017}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{82C37DA0-36E5-4D4F-8492-55C668B18AAF}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{0D2270AC-17D3-4507-826E-0F12C4FEC77F}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{F59FF4B5-0628-46D7-B74D-69A2ACEAC031}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{C95F927A-2766-4239-958C-BECA8CC0CAB4}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{96128402-EE8E-415A-A4D7-2CE351694567}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{0A9A2DAB-77D9-4C25-893F-E8426E8FB79C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{A10D3B6F-5E80-4A91-B893-3297BDF2AC4F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{6F74D282-C4E0-468F-8DF2-D545545D812C}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Internet Explorer\\MiniDM.exe"= c:\program files\Internet Explorer\MiniDM.exe:*:Enabled:MiniDM

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [18.2.2009 10:38 12552]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [25.6.2009 10:00 28544]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [18.2.2009 10:36 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [18.2.2009 10:37 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [18.2.2009 10:38 108552]
R1 is-10HE3drv;is-10HE3drv;c:\windows\System32\drivers\42808240.sys [25.6.2009 10:58 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23.6.2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.6.2009 11:01 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [25.6.2009 9:50 142592]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [10.12.2007 22:10 73728]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26.4.2009 9:46 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18.2.2009 10:37 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [11.6.2009 9:44 1368952]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI542E.tmp [19.6.2009 11:53 189696]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [24.7.2008 16:22 102400]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [11.12.2007 6:05 179712]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;c:\windows\System32\drivers\OEM04Vfx.sys [11.12.2007 6:05 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver;c:\windows\System32\drivers\OEM04Vid.sys [11.12.2007 6:05 234560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23.6.2009 11:01 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Obsah adresáře 'Naplánované úlohy'

2009-06-26 c:\windows\Tasks\User_Feed_Synchronization-{044A0D19-AB15-436F-A444-74462F281746}.job
- c:\windows\system32\msfeedssync.exe [2009-04-07 11:31]
.
.
------- Doplňkový sken -------
.
uStart Page = res://c:\program files\Internet Explorer\IEProRs.dll/easyhome.html
IE: Download with Rapget - c:\c\RapGet\rapget.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 13:12
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI542E.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(4076)
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Celkový čas: 2009-06-26 13:16
ComboFix-quarantined-files.txt 2009-06-26 11:16

Před spuštěním: Volných bajtů: 67 823 046 656
Po spuštění: Volných bajtů: 67 518 222 336

351 --- E O F --- 2009-06-25 19:14

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Explorer.exe - Application not found

Post by jaro3 » 26 Jun 2009 15:19

So you have the AVG8 antivirus + Windows Defender.
I also see:
DrWeb
SpywareTerminator
SUPERAntiSpyware
Virus Removal Tool

Of these, I would use only one resident shield, or uninstall something...
+ Leftovers:
Panda Security

Do you recognize these:
c:\programdata\is-10HE3
c:\windows\system32\%APPDATA%
c:\temp\pdftr30
C:\temp
C:\Z-Z
C:\--
If not, take a look at what is in there... and post it here.

Test this on VirusTotal:
C:\Windows\explorer.exe
Then post the link to the result here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.