ComboFix 10-05-24.07 - PIII 29.05.2010  17:14:20.14.1 - x86
Microsoft Windows 2000 Professional  5.0.2195.4.1250.420.1029.18.255.47 [GMT 2:00]
Spuštěn z: C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Plocha\CFScript.txt

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!

FILE ::
"C:\winnt\system32\azipcontmn.dll"
"c:\winnt\system32\sysfolderazipcnt.dll"

file zipped: c:\WINNT\system32\mspmsnsv.dll
file zipped: C:\WINNT\system32\mstask.exe
file zipped: c:\WINNT\system32\WININET.DLL
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\winnt\system32\azipcontmn.dll
c:\winnt\system32\sysfolderazipcnt.dll

.
(((((((((((((((((((((((((   Soubory vytvořené od 2010-04-28 do 2010-05-29  )))))))))))))))))))))))))))))))
.

2010-05-29 15:12:01 . 2010-05-29 15:12:01	16384	-c--atw-	C:\WINNT\system32\Perflib_Perfdata_304.dat
2010-05-25 20:18:38 . 2010-05-25 23:48:31	--------	dc----w-	C:\Program Files\The KMPlayer
2010-05-25 18:19:05 . 2010-05-25 18:19:05	--------	d-----w-	C:\rei
2010-05-25 18:18:33 . 2010-05-25 18:18:33	--------	dc----w-	C:\Program Files\Reimage
2010-05-11 15:37:29 . 2010-04-29 13:39:38	38224	-c--a-w-	C:\WINNT\system32\drivers\mbamswissarmy.sys
2010-05-11 15:37:24 . 2010-04-29 13:39:24	19288	-c--a-w-	C:\WINNT\system32\drivers\mbam.sys
2010-05-11 15:37:18 . 2010-05-11 15:37:39	--------	dc----w-	C:\Program Files\Malwarebytes' Anti-Malware
2010-05-11 14:02:08 . 2010-05-11 14:02:08	352513	-c--a-w-	C:\WINNT\system32\savapi3.dll
2010-05-11 14:02:08 . 2010-05-11 14:02:08	1380403	-c--a-w-	C:\WINNT\system32\avgsdk.dll
2010-05-08 17:57:43 . 2010-05-20 13:22:03	--------	dc--a-w-	C:\Program Files\Sallys Spa
2010-05-08 17:55:53 . 2010-05-08 17:55:53	--------	dc----w-	C:\Program Files\ReflexiveArcade
2010-05-02 19:24:46 . 2010-05-02 19:24:46	0	-c--a-w-	C:\WINNT\nsreg.dat
2010-05-02 14:35:30 . 2010-05-02 14:35:45	77312	----a-w-	C:\mbr.exe
2010-05-01 14:48:10 . 2010-05-01 16:09:09	--------	dc----w-	C:\Program Files\trend micro
2010-05-01 14:48:08 . 2010-05-01 14:49:56	--------	d-----w-	C:\rsit
2010-04-30 20:13:49 . 2010-04-30 20:13:52	--------	dc----w-	C:\Documents and Settings\Divertikulza tlustho steva - Ordinace.cz_soubory
2010-04-29 17:04:34 . 2008-06-21 02:54:54	65448	-c--a-r-	C:\WINNT\system32\drivers\SBFWIM.sys
2010-04-29 17:04:17 . 2008-10-31 05:09:06	270888	-c--a-r-	C:\WINNT\system32\drivers\SbFw.sys
2010-04-29 17:03:50 . 2010-04-29 17:03:50	--------	dc----w-	C:\Program Files\Sunbelt Software

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 14:40:05 . 2010-04-29 14:40:05	--------	dc----w-	C:\Program Files\ESET
2010-03-31 06:23:56 . 2010-03-31 06:23:56	95872	-c--a-w-	C:\WINNT\system32\drivers\epfwtdir.sys
2010-03-31 06:22:32 . 2010-03-31 06:22:32	114984	-c--a-w-	C:\WINNT\system32\drivers\ehdrv.sys
2010-03-31 06:17:48 . 2010-03-31 06:17:48	140216	-c--a-w-	C:\WINNT\system32\drivers\eamon.sys
2010-03-12 09:14:04 . 2002-02-26 13:58:06	401408	-c--a-w-	C:\WINNT\system32\vbscript.dll
2010-03-05 08:33:50 . 2010-04-29 14:03:41	579072	-c--a-w-	C:\WINNT\system32\WININET.DLL
.

------- Sigcheck -------

[-] 2003-02-01 10:09:14 . 9E1381B2DE2A23F8E4C22E814D55F475 . 52224 . . [ERROR: 0x0] . . C:\WINNT\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((((((   SnapShot@2010-05-01_14.14.28   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-30 16:04:46 . 2010-05-09 23:49:23	85173              C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
- 2009-04-14 16:17:49 . 2009-04-14 16:17:49	23040              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-04-14 16:17:49 . 2010-05-03 09:20:10	23040              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2009-04-14 16:17:48 . 2009-04-14 16:17:48	61440              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-04-14 16:17:48 . 2010-05-03 09:19:28	61440              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2009-04-14 16:17:49 . 2009-04-14 16:17:49	27136              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-04-14 16:17:49 . 2010-05-03 09:19:52	27136              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2009-04-14 16:17:49 . 2009-04-14 16:17:49	11264              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-14 16:17:49 . 2010-05-03 09:19:48	11264              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-04-14 16:17:49 . 2010-05-03 09:19:44	86016              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-14 16:17:49 . 2009-04-14 16:17:49	86016              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2009-04-14 16:17:49 . 2009-04-14 16:17:49	12288              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-14 16:17:49 . 2010-05-03 09:19:41	12288              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-04-14 16:17:49 . 2010-05-03 09:19:56	4096              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2009-04-14 16:17:49 . 2009-04-14 16:17:49	4096              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2010-01-27 01:07:32 . 2010-01-27 01:07:32	256280              C:\WINNT\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-04-14 16:17:47 . 2009-04-14 16:17:47	409600              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-04-14 16:17:47 . 2010-05-03 09:19:14	409600              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2009-04-14 16:17:48 . 2009-04-14 16:17:48	286720              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-14 16:17:48 . 2010-05-03 09:19:19	286720              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-04-14 16:17:48 . 2010-05-03 09:19:32	249856              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2009-04-14 16:17:48 . 2009-04-14 16:17:48	249856              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-04-14 16:17:49 . 2010-05-03 09:20:00	794624              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2009-04-14 16:17:49 . 2009-04-14 16:17:49	794624              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-04-14 16:17:48 . 2010-05-03 09:19:23	135168              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-14 16:17:48 . 2009-04-14 16:17:48	135168              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2009-04-14 16:17:48 . 2009-04-14 16:17:48	593920              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-04-14 16:17:48 . 2010-05-03 09:19:37	593920              C:\WINNT\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2010-01-27 01:07:32 . 2010-01-27 01:07:32	3884312              C:\WINNT\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiRes"="C:\Program Files\MultiRes\MultiRes.exe" [2005-01-26 22:40:48 61952]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2004-10-29 20:50:00 4620288]
"nwiz"="nwiz.exe" [2004-10-29 20:50:00 921600]
"NvMediaCenter"="C:\WINNT\system32\NvMcTray.dll" [2004-10-29 20:50:00 86016]
"Synchronization Manager"="mobsync.exe" [2003-06-19 10:05:04 111888]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 06:22:20 2145000]

R1 ehdrv;ehdrv;C:\WINNT\system32\drivers\ehdrv.sys [31.3.2010 8:22:32 114984]
R1 epfwtdir;epfwtdir;C:\WINNT\system32\drivers\epfwtdir.sys [31.3.2010 8:23:56 95872]
R1 SbFw;SbFw;C:\WINNT\system32\drivers\SbFw.sys [29.4.2010 19:04:17 270888]
R1 sbhips;Sunbelt HIPS Driver;C:\WINNT\system32\drivers\sbhips.sys [21.6.2008 4:54:54 66600]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23:00 810120]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24:28 95528]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);C:\WINNT\system32\drivers\ctlsb16.sys [13.4.2009 15:09:08 141904]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINNT\system32\drivers\SBFWIM.sys [29.4.2010 19:04:34 65448]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24:28 1365288]
S3 esihdrv;esihdrv;\??\C:\DOCUME~1\PIII\LOCALS~1\Temp\esihdrv.sys --> C:\DOCUME~1\PIII\LOCALS~1\Temp\esihdrv.sys [?]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://C:\WINNT\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://C:\WINNT\Java\classes\xmldso.cab
FF - ProfilePath - C:\Documents and Settings\PIII.VER-G4IY6NCV23F\Data aplikací\Mozilla\Firefox\Profiles\rgaoxuef.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com

---- NASTAVENÍ FIREFOXU ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 17:23:39
Windows 5.0.2195 Service Pack 4 NTFS

skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspěšně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\PIII\LOCALS~1\Temp\ASFWHide"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(184)
C:\WINNT\system32\wzcdlg.dll
C:\WINNT\system32\WZCSAPI.DLL
.
Celkový čas: 2010-05-29  17:28:01
ComboFix-quarantined-files.txt  2010-05-29 15:27:55
ComboFix2.txt  2010-05-25 17:02:26
ComboFix3.txt  2010-05-01 16:36:13
ComboFix4.txt  2010-05-01 14:18:57

Před spuštěním: 383325184
Po spuštění: 385243136

- - End Of File - - 4F4FFA7144420142098E51A84B6CF546
