ComboFix 10-04-30.03 - PIII 01.05.2010  16:04:23.11.1 - x86
Microsoft Windows 2000 Professional  5.0.2195.4.1250.420.1029.18.255.108 [GMT 2:00]
Running from: c:\documents and settings\PIII\Plocha\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\PIII\Dokumenty\cc_20100429_191855.reg
c:\program files\WindowsUpdate
c:\winnt\system32\_000009_.tmp.dll

c:\winnt\system32\comres.dll . . . is infected!!

c:\winnt\system32\comres.dll . . . is infected!!

.
(((((((((((((((((((((((((   Files Created from 2010-04-01 to 2010-05-01  )))))))))))))))))))))))))))))))
.

2010-05-01 14:01 . 2010-05-01 14:01	16384	-c--atw-	c:\winnt\system32\Perflib_Perfdata_2fc.dat
2010-04-30 20:13 . 2010-04-30 20:13	--------	dc----w-	c:\documents and settings\Divertikulza tlustho steva - Ordinace.cz_soubory
2010-04-29 17:04 . 2008-06-21 02:54	65448	-c--a-r-	c:\winnt\system32\drivers\SBFWIM.sys
2010-04-29 17:04 . 2008-10-31 05:09	270888	-c--a-r-	c:\winnt\system32\drivers\SbFw.sys
2010-04-29 17:03 . 2010-04-29 17:03	--------	dc----w-	c:\program files\Sunbelt Software
2010-04-29 14:40 . 2010-04-29 14:40	--------	dc----w-	c:\program files\ESET
2010-04-29 14:03 . 2010-03-05 08:33	579072	-c--a-w-	c:\winnt\system32\WININET.DLL
2010-04-14 00:20 . 2010-02-18 12:14	1736576	-c--a-w-	c:\winnt\system32\dllcache\NTKRPAMP.EXE
2010-04-14 00:20 . 2010-02-18 12:14	1715264	-c--a-w-	c:\winnt\system32\dllcache\NTKRNLMP.EXE
2010-04-12 11:11 . 2010-04-12 11:11	--------	dc----w-	c:\documents and settings\Studnice - Co je pravda_soubory
2010-04-12 11:08 . 2010-04-12 11:08	--------	dc----w-	c:\documents and settings\pravda_soubory
2010-04-12 11:08 . 2010-04-12 11:08	--------	dc----w-	c:\documents and settings\pravda_soubory\ads_data
2010-04-12 01:51 . 2010-04-12 01:51	--------	dc----w-	c:\documents and settings\maria-poselstv_soubory
2010-04-12 01:37 . 2010-04-12 01:37	--------	dc----w-	c:\documents and settings\nanebevzet marie_soubory
2010-04-12 01:36 . 2010-04-12 01:36	--------	dc----w-	c:\documents and settings\diskuzn fora_soubory
2010-04-07 01:30 . 2010-04-07 01:30	--------	dc----w-	c:\documents and settings\Drdiv trank_soubory

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 06:23 . 2010-03-31 06:23	95872	-c--a-w-	c:\winnt\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22	114984	-c--a-w-	c:\winnt\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17	140216	-c--a-w-	c:\winnt\system32\drivers\eamon.sys
2010-03-24 10:20 . 2010-01-14 18:56	--------	dc--a-w-	c:\program files\Plant Tycoon
2010-03-12 09:14 . 2002-02-26 13:58	401408	-c--a-w-	c:\winnt\system32\vbscript.dll
2010-02-24 06:46 . 2001-06-14 00:00	416304	-c--a-w-	c:\winnt\system32\drivers\mrxsmb.sys
2010-02-18 12:14 . 2001-06-14 00:00	1691648	-c--a-w-	c:\winnt\system32\NTOSKRNL.EXE
2010-02-18 12:14 . 2001-04-14 06:32	1714368	-c--a-w-	c:\winnt\system32\NTKRNLPA.EXE
2010-02-16 04:28 . 2001-06-14 00:00	170800	-c--a-w-	c:\winnt\system32\drivers\rdbss.sys
2010-02-15 12:52 . 2010-02-15 12:52	167696	-c--a-w-	c:\winnt\system32\WINTRUST.DLL
.

------- Sigcheck -------

[-] 2003-02-01 10:09 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiRes"="c:\program files\MultiRes\MultiRes.exe" [2005-01-26 61952]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2004-10-29 86016]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]

R1 ehdrv;ehdrv;c:\winnt\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R1 SbFw;SbFw;c:\winnt\system32\drivers\SbFw.sys [29.4.2010 19:04 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\winnt\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\winnt\system32\drivers\ctlsb16.sys [13.4.2009 15:09 141904]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\winnt\system32\drivers\SBFWIM.sys [29.4.2010 19:04 65448]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
S3 esihdrv;esihdrv;\??\c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\PIII\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\PIII\Data aplikac\Mozilla\Firefox\Profiles\n3amsakj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=150911&p=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX SETTINGS ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http - 
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl - 
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp - 
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher - 
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks - 
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 16:14
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\PIII\LOCALS~1\Temp\ASFWHide"
.
--------------------- Dlls Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(184)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 2010-05-01  16:18:55
ComboFix-quarantined-files.txt  2010-05-01 14:18

Pre-Run: 347405312
Post-Run: 405323264

- - End Of File - - 8363B2FC2A931D4099FED4FF3AD2E3FE
