ComboFix 10-05-24.07 - PIII 25.05.2010  16:44:15.13.1 - x86
Microsoft Windows 2000 Professional  5.0.2195.4.1250.420.1029.18.255.107 [GMT 2:00]
Sputn z: c:\documents and settings\PIII.VER-G4IY6NCV23F\Dokumenty\Staen soubory\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\system\WINSPOOL.DRV

.
(((((((((((((((((((((((((   Soubory vytvořené od 2010-04-25 do 2010-05-25  )))))))))))))))))))))))))))))))
.

2010-05-11 19:58 . 2010-05-11 20:08	58904	-c--a-w-	c:\winnt\system32\sysfolderazipcnt.dll
2010-05-11 19:58 . 2010-05-11 20:08	58904	-c--a-w-	c:\winnt\system32\azipcontmn.dll
2010-05-11 15:37 . 2010-04-29 13:39	38224	-c--a-w-	c:\winnt\system32\drivers\mbamswissarmy.sys
2010-05-11 15:37 . 2010-04-29 13:39	19288	-c--a-w-	c:\winnt\system32\drivers\mbam.sys
2010-05-11 15:37 . 2010-05-11 15:37	--------	dc----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-08 17:57 . 2010-05-20 13:22	--------	dc--a-w-	c:\program files\Sallys Spa
2010-05-08 17:55 . 2010-05-08 17:55	--------	dc----w-	c:\program files\ReflexiveArcade
2010-05-02 19:24 . 2010-05-02 19:24	0	-c--a-w-	c:\winnt\nsreg.dat
2010-05-02 14:35 . 2010-05-02 14:35	77312	----a-w-	C:\mbr.exe
2010-05-01 14:48 . 2010-05-01 16:09	--------	dc----w-	c:\program files\trend micro
2010-05-01 14:48 . 2010-05-01 14:49	--------	d-----w-	C:\rsit
2010-04-30 20:13 . 2010-04-30 20:13	--------	dc----w-	c:\documents and settings\Divertikulza tlustho steva - Ordinace.cz_soubory
2010-04-29 17:04 . 2008-06-21 02:54	65448	-c--a-r-	c:\winnt\system32\drivers\SBFWIM.sys
2010-04-29 17:04 . 2008-10-31 05:09	270888	-c--a-r-	c:\winnt\system32\drivers\SbFw.sys
2010-04-29 17:03 . 2010-04-29 17:03	--------	dc----w-	c:\program files\Sunbelt Software
2010-04-29 14:40 . 2010-04-29 14:40	--------	dc----w-	c:\program files\ESET
2010-04-29 14:03 . 2010-03-05 08:33	579072	-c--a-w-	c:\winnt\system32\WININET.DLL

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 06:23 . 2010-03-31 06:23	95872	-c--a-w-	c:\winnt\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22	114984	-c--a-w-	c:\winnt\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17	140216	-c--a-w-	c:\winnt\system32\drivers\eamon.sys
2010-03-12 09:14 . 2002-02-26 13:58	401408	-c--a-w-	c:\winnt\system32\vbscript.dll
.

------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((   SnapShot@2010-05-01_14.14.28   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-30 16:04 . 2010-05-09 23:49	85173              c:\winnt\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	23040              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-14 16:17 . 2010-05-03 09:20	23040              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	61440              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	61440              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	27136              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	27136              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	11264              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	11264              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	86016              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	86016              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	12288              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	12288              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	4096              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	4096              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07	256280              c:\winnt\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	409600              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	409600              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	286720              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	286720              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	249856              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	249856              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-14 16:17 . 2010-05-03 09:20	794624              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	794624              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	135168              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	135168              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-14 16:17 . 2009-04-14 16:17	593920              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-14 16:17 . 2010-05-03 09:19	593920              c:\winnt\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07	3884312              c:\winnt\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiRes"="c:\program files\MultiRes\MultiRes.exe" [2005-01-26 61952]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2004-10-29 86016]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 SbFw;SbFw;c:\winnt\system32\drivers\SbFw.sys [29.4.2010 19:04 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\winnt\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [13.4.2009 15:09 141904]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\winnt\system32\drivers\SBFWIM.sys [29.4.2010 19:04 65448]
S3 esihdrv;esihdrv;\??\c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PIII.VER-G4IY6NCV23F\Data aplikac\Mozilla\Firefox\Profiles\rgaoxuef.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 18:56
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\PIII\LOCALS~1\Temp\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(160)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1632)
c:\winnt\system32\SHDOCVW.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1029\OWCI11.DLL
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\winnt\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2010-05-25  19:02:22 - počítač byl restartován
ComboFix-quarantined-files.txt  2010-05-25 17:02
ComboFix2.txt  2010-05-01 16:36
ComboFix3.txt  2010-05-01 14:18

Před spuštěním: 442493952
Po spuštění: 440431616

- - End Of File - - D07D79C52A8367FADFAA37028B2ACA73
