PC-HELP.CZ

z ted jiz urcite zavirovane flesky se mi do pc dostaly nejake soubory, ktere mi shazuji prohlizec. pokud pouzivam prohlizec win, prohlizim nejake slozky nebo iexplorer tak mi vsechno na chvilku zmizi a nabehne "konfigurovani individualniho nastaveni uzivatele" C:/RECYCLER/S-1-5-... atd. po chvili to zmizi, ale vsechny prohlizece jsou shozeny. prikladam log z combofixu a hijackthis a prosim o pomoc, predem diky.

ComboFix 08-04-08.10 - dala 2008-04-09 19:52:31.2 - NTFSx86
Running from: C:\Documents and Settings\dala\Plocha\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 16:46 . 2008-04-09 16:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-09 16:46 . 2008-04-09 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-04-09 16:44 . 2008-04-09 16:50 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-04-09 16:39 . 2008-04-09 19:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-09 16:39 . 2008-04-09 19:48 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Spyware Terminator
2008-04-09 16:39 . 2008-04-09 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-04-09 16:39 . 2008-04-09 16:39 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-09 11:28 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-08 17:19 . 2008-04-08 17:19 <DIR> d-------- C:\WINDOWS\Sun
2008-04-08 16:51 . 2008-04-08 16:51 30,312 --a------ C:\Documents and Settings\dala\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-07 17:36 . 2001-08-17 21:52 11,648 --a------ C:\WINDOWS\system32\drivers\scsiprnt.sys
2008-04-07 17:36 . 2001-08-17 21:52 11,648 --a------ C:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-04-07 17:32 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-07 17:32 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-06 21:29 . 2008-04-06 21:29 <DIR> d-------- C:\Temp
2008-04-06 17:31 . 2008-04-06 17:31 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Zoner
2008-04-05 13:26 . 2008-04-09 13:31 <DIR> d-------- C:\Program Files\Czech Soccer Manager 2002 FE
2008-04-05 12:44 . 2008-04-05 12:45 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-04-04 21:05 . 2008-04-04 21:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 21:05 . 2008-04-04 21:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 20:56 . 2008-04-04 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-04-04 20:55 . 2008-04-04 20:55 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-04 20:44 . 2008-04-04 20:44 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-04 20:27 . 2008-04-04 20:27 <DIR> d-------- C:\Program Files\YouTUBE (TM) movie downloader
2008-04-04 20:27 . 2008-04-04 20:50 <DIR> d-------- C:\Program Files\DC++
2008-04-04 20:17 . 2008-04-04 20:26 <DIR> d-------- C:\Program Files\Winamp
2008-04-04 20:17 . 2008-04-04 20:31 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Winamp
2008-04-04 20:17 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-04-04 20:17 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-04 20:17 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-04 20:16 . 2008-04-04 20:16 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\DAEMON Tools
2008-04-04 20:16 . 2008-04-04 20:16 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-04 20:13 . 2008-04-04 20:13 <DIR> d-------- C:\Program Files\uTorrent
2008-04-04 20:13 . 2008-04-09 14:08 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\uTorrent
2008-04-04 19:33 . 2008-04-04 19:35 <DIR> d-------- C:\Program Files\ICQLite
2008-04-04 19:33 . 2008-04-04 19:35 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\ICQLite
2008-04-04 19:30 . 2008-04-04 19:30 <DIR> d-------- C:\totalcmd
2008-04-04 19:30 . 2008-04-04 19:30 <DIR> d-------- C:\Program Files\FLVPlayer
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\UC.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-04 19:30 . 2008-04-04 19:30 41 --a------ C:\WINDOWS\wincmd.ini
2008-04-04 19:27 . 2008-04-04 19:27 <DIR> d-------- C:\Program Files\Webteh
2008-04-04 19:27 . 2008-04-04 19:27 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\BSplayer
2008-04-04 19:23 . 2008-04-04 19:23 <DIR> d-------- C:\Program Files\Zoner
2008-04-04 19:22 . 2008-04-04 19:22 <DIR> d-------- C:\Program Files\GoldWave
2008-04-04 19:22 . 2008-04-09 16:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 19:21 . 2008-04-04 19:21 <DIR> d-------- C:\Program Files\Astonsoft
2008-04-04 19:10 . 2008-04-04 19:10 98,304 --a------ C:\WINDOWS\system32\qttask.exe
2008-04-04 19:08 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-04-04 19:07 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
2008-04-04 19:04 . 2008-04-04 19:04 <DIR> d-------- C:\Program Files\Xvid CZ
2008-04-04 19:04 . 2008-04-04 19:04 <DIR> d-------- C:\Program Files\XviD
2008-04-04 19:04 . 2008-04-04 19:04 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-04-04 19:04 . 2004-10-30 15:39 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-04 19:04 . 2006-01-08 09:56 495,616 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-04 19:04 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-04 19:03 . 2008-04-04 19:03 <DIR> d-------- C:\Program Files\x264
2008-04-04 19:03 . 2008-04-04 19:03 <DIR> d-------- C:\Program Files\AC3Filter
2008-04-04 19:03 . 2008-04-04 19:03 579,090 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-04-04 04:05 . 2008-04-04 04:05 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-04-04 04:04 . 2008-04-04 04:04 <DIR> d-------- C:\WINDOWS\i386
2008-04-03 23:24 . 2008-04-03 23:24 <DIR> d-------- C:\Program Files\AuthenTec
2008-04-03 22:12 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-03 22:12 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-03 22:12 . 2006-08-21 14:27 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-03 22:06 . 2008-04-03 22:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-03 22:03 . 2008-04-03 22:03 <DIR> d-------- C:\Program Files\Infogrames
2008-04-03 22:02 . 2008-04-03 22:02 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Sonic
2008-04-03 22:02 . 2008-04-03 22:02 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Leadertech
2008-04-03 21:59 . 2008-04-03 21:59 390 --a------ C:\WINDOWS\ODBC.INI
2008-04-03 21:56 . 2008-04-03 21:58 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-03 20:24 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-03 19:51 . 2008-04-03 19:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-03 19:40 . 2008-04-03 19:40 <DIR> d---s---- C:\Documents and Settings\dala\UserData
2008-04-03 19:37 . 2008-04-03 19:43 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-03 19:37 . 2008-04-03 19:43 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-03 19:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-03 19:20 . 2008-04-03 23:27 <DIR> d-------- C:\Program Files\Google
2008-04-03 19:19 . 2008-04-03 19:19 <DIR> d-------- C:\Program Files\ProtectTools
2008-04-03 19:19 . 2008-04-03 19:19 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Infineon
2008-04-03 19:19 . 2008-04-03 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Infineon
2008-04-03 19:17 . 2008-04-03 19:17 <DIR> d-------- C:\WINDOWS\tiinst
2008-04-03 19:17 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-03 19:17 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-03 19:17 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-03 19:17 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-03 19:17 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-03 19:17 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-03 19:16 . 2008-04-03 19:16 <DIR> d-------- C:\Program Files\InterVideo
2008-04-03 19:15 . 2008-04-09 19:57 <DIR> d-------- C:\Documents and Settings\dala\Plocha
2008-04-03 19:15 . 2006-07-13 13:30 <DIR> d--h----- C:\Documents and Settings\dala\Okolní tiskárny
2008-04-03 19:15 . 2008-04-08 17:03 <DIR> d--h----- C:\Documents and Settings\dala\Okolní síť
2008-04-03 19:15 . 2008-04-03 23:14 <DIR> dr------- C:\Documents and Settings\dala\Oblíbené položky
2008-04-03 19:15 . 2008-04-04 03:38 <DIR> d--h----- C:\Documents and Settings\dala\Šablony
2008-04-03 19:15 . 2008-04-04 20:13 <DIR> dr------- C:\Documents and Settings\dala\Nabídka Start

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 17:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 19:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-04 15:05 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-04 01:49 --------- d-----w C:\Program Files\Windows Media Connect
2008-04-04 01:49 --------- d-----w C:\Program Files\Synaptics
2008-04-04 01:48 --------- d-----w C:\Program Files\Sonic
2008-04-04 01:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-04 01:47 --------- d-----w C:\Program Files\Hp
2008-04-04 01:47 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-04 01:47 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-04-04 01:47 --------- d-----w C:\Program Files\DIFX
2008-04-04 01:47 --------- d-----w C:\Program Files\CONEXANT
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\Java
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 01:41 --------- d-----w C:\Program Files\ATI Technologies
2008-04-04 01:41 --------- d-----w C:\Program Files\Analog Devices
2008-04-04 01:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Symantec
2008-04-04 01:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-04-04 01:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\hpqLog
2008-04-03 17:43 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-03 17:43 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-03 17:43 --------- d-----w C:\Program Files\Symantec
2008-04-03 17:33 --------- d-----w C:\Program Files\Java
2008-04-03 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 17:16 1,691 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq nx6325 (EY352EA#AKB)_YN_0U_QCNU63408X2_E409686222_46_I30B0_SHP_VKBC Version 40.15_B68TT2 Ver. F.02_T060706_WXH2_L405_M448_J80_7AMD_8Sempron_91.8_#080403_N14E4169C_(EY352EA#AKB)_XMOBILE_CN10_Z.MRK
2008-04-03 17:08 --------- d-----w C:\Program Files\HPQ
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 10:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 11:56 122880]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 18:01 761946]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 14:13 454656]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-11-11 20:03 52848]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 11:38 131072]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 09:30 40960]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 13:58 184320]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-04-04 19:10 98304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-09 16:39 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 10:00 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-03 19:16:38 184320]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-03-03 17:08 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 20:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 18:56]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-09 16:39]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-18 10:00]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:43]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 13:19]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 10:00]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 13:50]
S3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;C:\WINDOWS\system32\DRIVERS\scsiprnt.sys [2001-08-17 21:52]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-81C01C608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 18:13:49 C:\WINDOWS\Tasks\Norton AntiVirus - Prověřit tento počítač - dala.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exee/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 19:57:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???P???????R?@?????,?@

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-04-09 20:00:10
ComboFix-quarantined-files.txt 2008-04-09 17:59:06
Adresářů: 11, Volných bajtů: 36,961,341,440
Adresářů: 14, Volných bajtů: 36,953,440,256
.
2008-04-05 15:33:00 --- E O F ---

píšeš mi něco na sz,ale já tomu nerozumím. toto je log z čeho?? nelze to řešit střídavě na sz a na fóru.
všimni si,že v jedné chvíli mám rozděláno několik problémů najednou-proto potřebuji přehled,proto zde každého s fredikem sprdnem,když do tématu leze s nepodstatnejma věcma,když mi se snažíme vyhnat sviňáka z kompu.
přehled a kontinuita-otázka-log,následuje - odpověď-skript :wink:

toto je log ktery bych prosil zkontrolovat...

promiň,ale začínat řešit problém combofixem je pro nás trochu nepříjemné. první je vždy hijackthis. to je jako když automechanik koukne na značku a model a pak teprve diagnostikuje konkrétní trabl.

stáhni
Flash Disinfector (by sUBs)

připoj flešku a spust ho.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:

Kód: Vybrat vše

File::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-81C01C608512}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
Obrázek

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu+log z hijackthis

hijack log

Logfile of HijackThis v1.99.1
Scan saved at 21:12:05, on 9.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Documents and Settings\dala\Plocha\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\dala\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlxEN.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Funkce Auto-Protect aplikace Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Služba Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

když už ten hijackthis,tak prosím aktuální verzi viewtopic.php?t=5119

hijack a pod nim combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:17, on 9.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\dala\Plocha\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Funkce Auto-Protect aplikace Norton AntiVirus (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Služba Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Plánovač automatické aktualizace LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10952 bytes

----------------------------------------------------------------------------
----------------------------------------------------------------------------
----------------------------------------------------------------------------

ComboFix 08-04-08.10 - dala 2008-04-09 21:16:01.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.131 [GMT 2:00]
Running from: C:\Documents and Settings\dala\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\dala\Plocha\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\RECYCLER\Desktop.ini
D:\RECYCLER\Folder.htt
D:\RECYCLER\Protect.ed
D:\RECYCLER\Warning.bmp

.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 16:46 . 2008-04-09 16:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-09 16:46 . 2008-04-09 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2008-04-09 16:44 . 2008-04-09 16:50 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-04-09 16:39 . 2008-04-09 19:19 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-09 16:39 . 2008-04-09 19:48 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Spyware Terminator
2008-04-09 16:39 . 2008-04-09 19:16 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2008-04-09 16:39 . 2008-04-09 16:39 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-09 11:28 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-08 17:19 . 2008-04-08 17:19 <DIR> d-------- C:\WINDOWS\Sun
2008-04-08 16:51 . 2008-04-08 16:51 30,312 --a------ C:\Documents and Settings\dala\Data aplikací\GDIPFONTCACHEV1.DAT
2008-04-07 17:36 . 2001-08-17 21:52 11,648 --a------ C:\WINDOWS\system32\drivers\scsiprnt.sys
2008-04-07 17:36 . 2001-08-17 21:52 11,648 --a------ C:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-04-07 17:32 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-07 17:32 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-06 21:29 . 2008-04-06 21:29 <DIR> d-------- C:\Temp
2008-04-06 17:31 . 2008-04-06 17:31 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Zoner
2008-04-05 13:26 . 2008-04-09 13:31 <DIR> d-------- C:\Program Files\Czech Soccer Manager 2002 FE
2008-04-05 12:44 . 2008-04-05 12:45 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-04-04 21:05 . 2008-04-04 21:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 21:05 . 2008-04-04 21:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 20:56 . 2008-04-04 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-04-04 20:55 . 2008-04-04 20:55 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-04 20:44 . 2008-04-04 20:44 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-04-04 20:27 . 2008-04-04 20:27 <DIR> d-------- C:\Program Files\YouTUBE (TM) movie downloader
2008-04-04 20:27 . 2008-04-04 20:50 <DIR> d-------- C:\Program Files\DC++
2008-04-04 20:17 . 2008-04-04 20:26 <DIR> d-------- C:\Program Files\Winamp
2008-04-04 20:17 . 2008-04-04 20:31 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Winamp
2008-04-04 20:17 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-04-04 20:17 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-04 20:17 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-04 20:16 . 2008-04-04 20:16 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\DAEMON Tools
2008-04-04 20:16 . 2008-04-04 20:16 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-04 20:13 . 2008-04-04 20:13 <DIR> d-------- C:\Program Files\uTorrent
2008-04-04 20:13 . 2008-04-09 14:08 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\uTorrent
2008-04-04 19:33 . 2008-04-04 19:35 <DIR> d-------- C:\Program Files\ICQLite
2008-04-04 19:33 . 2008-04-04 19:35 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\ICQLite
2008-04-04 19:30 . 2008-04-04 19:30 <DIR> d-------- C:\totalcmd
2008-04-04 19:30 . 2008-04-04 19:30 <DIR> d-------- C:\Program Files\FLVPlayer
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\UC.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-04 19:30 . 2006-02-02 06:54 545 --a------ C:\WINDOWS\ARJ.PIF
2008-04-04 19:30 . 2008-04-04 19:30 41 --a------ C:\WINDOWS\wincmd.ini
2008-04-04 19:27 . 2008-04-04 19:27 <DIR> d-------- C:\Program Files\Webteh
2008-04-04 19:27 . 2008-04-04 19:27 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\BSplayer
2008-04-04 19:23 . 2008-04-04 19:23 <DIR> d-------- C:\Program Files\Zoner
2008-04-04 19:22 . 2008-04-04 19:22 <DIR> d-------- C:\Program Files\GoldWave
2008-04-04 19:22 . 2008-04-09 16:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 19:21 . 2008-04-04 19:21 <DIR> d-------- C:\Program Files\Astonsoft
2008-04-04 19:10 . 2008-04-04 19:10 98,304 --a------ C:\WINDOWS\system32\qttask.exe
2008-04-04 19:08 . 2004-02-17 10:11 53,248 --a------ C:\WINDOWS\system32\vp6dec_settings.cpl
2008-04-04 19:07 . 2008-04-04 19:08 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
2008-04-04 19:04 . 2008-04-04 19:04 <DIR> d-------- C:\Program Files\Xvid CZ
2008-04-04 19:04 . 2008-04-04 19:04 <DIR> d-------- C:\Program Files\XviD
2008-04-04 19:04 . 2008-04-04 19:04 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-04-04 19:04 . 2004-10-30 15:39 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-04 19:04 . 2006-01-08 09:56 495,616 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-04 19:04 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-04 19:03 . 2008-04-04 19:03 <DIR> d-------- C:\Program Files\x264
2008-04-04 19:03 . 2008-04-04 19:03 <DIR> d-------- C:\Program Files\AC3Filter
2008-04-04 19:03 . 2008-04-04 19:03 579,090 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-04-04 04:05 . 2008-04-04 04:05 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-04-04 04:04 . 2008-04-04 04:04 <DIR> d-------- C:\WINDOWS\i386
2008-04-03 23:24 . 2008-04-03 23:24 <DIR> d-------- C:\Program Files\AuthenTec
2008-04-03 22:12 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-03 22:12 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-03 22:12 . 2006-08-21 14:27 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-03 22:06 . 2008-04-03 22:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-03 22:03 . 2008-04-03 22:03 <DIR> d-------- C:\Program Files\Infogrames
2008-04-03 22:02 . 2008-04-03 22:02 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Sonic
2008-04-03 22:02 . 2008-04-03 22:02 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Leadertech
2008-04-03 21:59 . 2008-04-03 21:59 390 --a------ C:\WINDOWS\ODBC.INI
2008-04-03 21:56 . 2008-04-03 21:58 <DIR> d-------- C:\WINDOWS\ShellNew
2008-04-03 20:24 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-03 19:51 . 2008-04-03 19:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-03 19:40 . 2008-04-03 19:40 <DIR> d---s---- C:\Documents and Settings\dala\UserData
2008-04-03 19:37 . 2008-04-03 19:43 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-03 19:37 . 2008-04-03 19:43 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-03 19:33 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-03 19:20 . 2008-04-03 23:27 <DIR> d-------- C:\Program Files\Google
2008-04-03 19:19 . 2008-04-03 19:19 <DIR> d-------- C:\Program Files\ProtectTools
2008-04-03 19:19 . 2008-04-03 19:19 <DIR> d-------- C:\Documents and Settings\dala\Data aplikací\Infineon
2008-04-03 19:19 . 2008-04-03 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Infineon
2008-04-03 19:17 . 2008-04-03 19:17 <DIR> d-------- C:\WINDOWS\tiinst
2008-04-03 19:17 . 2002-11-21 10:57 204,800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-04-03 19:17 . 2002-11-21 10:57 200,704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-04-03 19:17 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-04-03 19:17 . 2002-11-21 10:57 192,512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-04-03 19:17 . 2002-11-21 10:57 188,416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-04-03 19:17 . 2002-11-21 10:57 20,480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-04-03 19:16 . 2008-04-03 19:16 <DIR> d-------- C:\Program Files\InterVideo
2008-04-03 19:15 . 2008-04-09 21:19 <DIR> d-------- C:\Documents and Settings\dala\Plocha
2008-04-03 19:15 . 2006-07-13 13:30 <DIR> d--h----- C:\Documents and Settings\dala\Okolní tiskárny
2008-04-03 19:15 . 2008-04-08 17:03 <DIR> d--h----- C:\Documents and Settings\dala\Okolní síť
2008-04-03 19:15 . 2008-04-03 23:14 <DIR> dr------- C:\Documents and Settings\dala\Oblíbené položky
2008-04-03 19:15 . 2008-04-04 03:38 <DIR> d--h----- C:\Documents and Settings\dala\Šablony
2008-04-03 19:15 . 2008-04-04 20:13 <DIR> dr------- C:\Documents and Settings\dala\Nabídka Start

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 17:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-04 19:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-04 15:05 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-04 01:49 --------- d-----w C:\Program Files\Windows Media Connect
2008-04-04 01:49 --------- d-----w C:\Program Files\Synaptics
2008-04-04 01:48 --------- d-----w C:\Program Files\Sonic
2008-04-04 01:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-04 01:47 --------- d-----w C:\Program Files\Hp
2008-04-04 01:47 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-04 01:47 --------- d-----w C:\Program Files\Fingerprint Sensor
2008-04-04 01:47 --------- d-----w C:\Program Files\DIFX
2008-04-04 01:47 --------- d-----w C:\Program Files\CONEXANT
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\Java
2008-04-04 01:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 01:41 --------- d-----w C:\Program Files\ATI Technologies
2008-04-04 01:41 --------- d-----w C:\Program Files\Analog Devices
2008-04-04 01:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Symantec
2008-04-04 01:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\InstallShield
2008-04-04 01:38 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\hpqLog
2008-04-03 17:43 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-03 17:43 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-03 17:43 --------- d-----w C:\Program Files\Symantec
2008-04-03 17:33 --------- d-----w C:\Program Files\Java
2008-04-03 17:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 17:16 1,691 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq nx6325 (EY352EA#AKB)_YN_0U_QCNU63408X2_E409686222_46_I30B0_SHP_VKBC Version 40.15_B68TT2 Ver. F.02_T060706_WXH2_L405_M448_J80_7AMD_8Sempron_91.8_#080403_N14E4169C_(EY352EA#AKB)_XMOBILE_CN10_Z.MRK
2008-04-03 17:08 --------- d-----w C:\Program Files\HPQ
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-18 10:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 11:11 925696]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06 716800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 11:56 122880]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-31 05:20 122940]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 18:01 761946]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-03-28 14:13 454656]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-11-11 20:03 52848]
"CognizanceTS"="C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 20:12 17920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 11:38 131072]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-04-21 09:30 40960]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 16:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 17:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-02-15 17:43 892928]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 13:58 184320]
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" [2008-04-04 19:10 98304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-09 16:39 2957824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 10:00 15360]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-03 19:16:38 184320]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]
IfxWlxEN.dll 2006-03-03 17:08 434176 C:\WINDOWS\system32\IfxWlxEN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 20:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"C:\\Program Files\\ICQLite\\ICQLite.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=

R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2005-11-29 18:56]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-09 16:39]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-18 10:00]
R2 Plánovač automatické aktualizace LiveUpdate;Plánovač automatické aktualizace LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:43]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 13:19]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-18 10:00]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 13:50]
S3 scsiprnt;Microsoft SCSI/1394 Generic Printer Class;C:\WINDOWS\system32\DRIVERS\scsiprnt.sys [2001-08-17 21:52]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 18:13:49 C:\WINDOWS\Tasks\Norton AntiVirus - Prověřit tento počítač - dala.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exee/TASK:
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 21:19:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ???P???????R?@?????,?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-09 21:20:25
ComboFix-quarantined-files.txt 2008-04-09 19:20:09
ComboFix2.txt 2008-04-09 18:00:11
Adresářů: 11, Volných bajtů: 37,218,742,272
Adresářů: 13, Volných bajtů: 37,209,321,472
.
2008-04-05 15:33:00 --- E O F ---

nevím jak se momentálně chová komp,ale vzhledem k tomu,že tě hlídá kompletní norton,tak bych odinstaloval Spyware Terminator. takže to udělej a napiš něco o tom chování.

diky za pomoc, dam vedet jak se pc chova (nortonovi za 50 dni konci lhuta, takze uz tady moc dlouho nebude...)

PC-HELP.CZ

prosim o pomoc se shazovanim exploreru od isee.exe

prosim o pomoc se shazovanim exploreru od isee.exe

Re: prosim o pomoc se shazovanim exploreru od isee.exe

Re: prosim o pomoc se shazovanim exploreru od isee.exe

Re: prosim o pomoc se shazovanim exploreru od isee.exe

Re: prosim o pomoc se shazovanim exploreru od isee.exe

Re: prosim o pomoc se shazovanim exploreru od isee.exe

Re: prosim o pomoc se shazovanim exploreru od isee.exe

Re: prosim o pomoc se shazovanim exploreru od isee.exe

Re: prosim o pomoc se shazovanim exploreru od isee.exe