+ I'm attaching the log from ComboFix
ComboFix 11-06-24.01 - Petr 24.06.2011 17:40:37.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1535.1004 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petr\Plocha\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-24 do 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-24 15:11 . 2011-06-24 15:11 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\VS Revo Group
2011-06-24 15:11 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-06-24 15:11 . 2011-06-24 15:11 -------- d-----w- c:\program files\VS Revo Group
2011-06-24 15:05 . 2011-06-24 15:05 -------- d-----w- c:\program files\MozBackup
2011-06-24 14:23 . 2011-06-24 14:34 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Opera
2011-06-24 14:23 . 2011-06-24 14:34 -------- d-----w- c:\program files\Opera
2011-06-24 14:18 . 2011-06-24 14:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-24 12:19 . 2011-06-24 12:19 -------- d-----r- c:\program files\Skype
2011-06-24 12:19 . 2011-06-24 12:19 -------- d-----w- c:\program files\Common Files\Skype
2011-06-24 12:18 . 2011-06-24 12:18 -------- d-----w- c:\program files\Hooligans
2011-06-24 12:18 . 2011-06-24 12:18 -------- d-----w- c:\program files\Ubisoft
2011-06-24 11:29 . 2011-06-24 14:18 -------- d-----w- c:\program files\Zrychleni Pocitace
2011-06-21 18:17 . 2011-06-24 12:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\BVRP Software
2011-06-11 10:24 . 2011-06-11 10:24 -------- d-----w- C:\Program
2011-06-08 17:41 . 2011-06-08 17:41 -------- d-----w- c:\program files\TopCD
2011-05-27 15:54 . 2011-05-27 15:54 -------- d-----w- c:\documents and settings\Petr\Local Settings\Data aplikací\Sports Interactive
2011-05-27 15:40 . 2011-05-27 15:49 -------- d--h--w- c:\program files\Zero G Registry
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 11:02 . 2010-11-17 22:03 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-06-23 11:02 . 2011-03-15 16:50 271200 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-23 11:02 . 2010-10-11 17:16 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-06-21 19:05 . 2010-11-15 18:18 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-05-13 10:32 . 2010-11-15 18:18 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-13 10:31 . 2010-10-11 16:30 139152 ----a-w- c:\documents and settings\Petr\Data aplikací\PnkBstrK.sys
2011-05-13 10:31 . 2010-10-26 17:24 794408 ----a-w- c:\windows\system32\pbsvc.exe
2011-06-16 04:30 . 2011-06-24 15:16 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^306313.lnk]
path=c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\306313.lnk
backup=c:\windows\pss\306313.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^HDDlife.lnk]
path=c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\HDDlife.lnk
backup=c:\windows\pss\HDDlife.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Petr^Nabídka Start^Programy^Po spuštění^Registration .LNK]
path=c:\documents and settings\Petr\Nabídka Start\Programy\Po spuštění\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 12:49 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-06 19:07 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2006-01-06 19:07 348160 ----a-w- c:\windows\system32\hphmon04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-07-12 10:43 226904 ----a-w- c:\documents and settings\All Users\Data aplikací\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMCONFIG]
2008-05-29 23:22 212992 ----a-w- c:\program files\Mouse Driver\StartAutorun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 06:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
2005-03-05 20:09 2573536 ----a-w- c:\progra~1\Sygate\SPF\Smc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan (1)]
2007-04-16 14:28 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 15:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-03-27 14:50 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"NMIndexingService"=3 (0x3)
"ATI Smart"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"PnkBstrA"=2 (0x2)
"ACS"=2 (0x2)
"idsvc"=3 (0x3)
"HDDlife HDD Access service"=2 (0x2)
"McciCMService"=2 (0x2)
"ICQ Service"=2 (0x2)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ose"=3 (0x3)
"rpcapd"=3 (0x3)
"wlidsvc"=2 (0x2)
"Pml Driver HPH11"=3 (0x3)
"NBService"=3 (0x3)
"KMWDSERVICE"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Hry\\CALL OF DUTY 4\\iw3mp.exe"=
"d:\\Hry\\Pro evo 2011\\pes2011.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.9.2009 21:12 691696]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [26.4.2011 14:52 25088]
R3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [21.3.2011 14:05 611584]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [13.1.2010 16:30 51040]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [24.6.2011 17:11 27064]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [19.4.2010 20:12 11520]
S4 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [31.8.2009 22:00 1821184]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-24 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2010-12-21 09:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Petr\Data aplikací\Mozilla\Firefox\Profiles\z45yhtgd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - prefs.js: network.proxy.http - 210.75.23.85
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-06-24 17:46
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-854245398-651377827-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:c5,d3,92,03,35,91,12,ee,bd,07,73,f4,4d,23,82,05,23,a0,6a,ba,bb,c2,3b,
16,d9,40,0b,78,6b,6a,8a,53,92,66,7a,4c,51,c2,8d,e4,9e,ed,8d,be,0a,75,3d,d5,\
"??"=hex:f5,a7,a1,2c,15,f1,05,81,d7,a1,4d,db,6f,30,e5,8d
.
[HKEY_USERS\S-1-5-21-854245398-651377827-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:55,cc,9f,ed,6c,fb,6d,ef,49,9d,ef,e1,18,05,f6,e6,a8,83,a6,5e,c8,
70,0c,66,2f,c6,75,5f,43,5c,5f,c1,39,a2,59,ee,82,88,d0,b3,76,5f,45,6e,43,e3,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(728)
c:\windows\system32\SSSensor.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2011-06-24 17:49:15
ComboFix-quarantined-files.txt 2011-06-24 15:49
ComboFix2.txt 2011-06-24 14:57
.
Před spuštěním: Volných bajtů: 33 265 983 488
Po spuštění: Volných bajtů: 33 275 695 104
.
- - End Of File - - 67315C095DBD446C0E8B04B420C26DC7