ComboFix 09-10-18.04 - Reny 19.10.2009 15:17.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1015.486 [GMT 2:00]
Running from: c:\documents and settings\Reny\Plocha\Ren.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\16bf396.msi
c:\windows\system32\axaltocm.dll
c:\windows\system32\oem0.inf
c:\windows\system32\oem58.inf
.
((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.
2009-10-17 17:59 . 2009-10-17 17:59 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2009-10-17 16:31 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-16 06:22 . 2009-10-19 12:15 -------- d-----w- c:\program files\Eset
2009-10-11 12:43 . 2009-10-11 12:41 737280 ----a-w- c:\windows\iun6002.exe
2009-10-09 21:49 . 2009-10-09 21:49 666 ----a-w- C:\Toolbars.dat
2009-10-09 06:13 . 2009-10-09 06:13 -------- d-----w- c:\program files\NOS
2009-10-06 06:08 . 2009-10-06 06:08 -------- d-----w- c:\program files\Synaptics
2009-10-05 13:45 . 2009-10-05 13:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-01 13:26 . 2009-10-01 13:26 -------- d-----w- c:\program files\T-Mobile
2009-09-30 11:53 . 2009-09-30 11:53 -------- d-----w- c:\windows\Internet Logs
2009-09-30 11:51 . 2007-04-03 14:18 29744 ------w- c:\windows\system32\InstHelper.dll
2009-09-30 11:50 . 2007-04-03 14:18 197672 ----a-w- c:\windows\system32\vpnapi.dll
2009-09-30 11:50 . 2007-04-03 14:17 306295 ----a-w- c:\windows\system32\drivers\CVPNDRVA.sys
2009-09-30 11:50 . 2007-01-18 12:28 5275 ----a-w- c:\windows\system32\drivers\CVirtA.sys
2009-09-30 11:50 . 2009-09-30 11:50 -------- d-----w- c:\program files\Common Files\Deterministic Networks
2009-09-30 11:50 . 2009-09-30 11:50 -------- d-----w- c:\program files\Cisco Systems
2009-09-30 11:50 . 2007-04-03 14:18 193576 ----a-w- c:\windows\system32\CSGina.dll
2009-09-30 11:49 . 2007-01-23 22:23 127376 ----a-w- c:\windows\system32\drivers\dne2000.sys
2009-09-30 11:49 . 2007-01-23 22:23 101904 ----a-w- c:\windows\system32\dneinobj.dll
2009-09-30 11:48 . 2009-09-30 11:48 -------- d-----w- c:\windows\CCBAA1F7E5E148B29ED9A79C6A37CE78.TMP
2009-09-30 11:48 . 2009-09-30 11:48 -------- d-----w- c:\program files\Citrix
2009-09-21 09:56 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-09-21 09:55 . 2009-09-21 09:55 -------- d-----w- c:\windows\Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-19 13:17 . 2009-10-19 13:17 4706 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-19 13:17 . 2006-03-02 12:00 89886 ----a-w- c:\windows\system32\perfc005.dat
2009-10-19 13:17 . 2006-03-02 12:00 453004 ----a-w- c:\windows\system32\perfh005.dat
2009-10-19 11:55 . 2009-05-18 08:06 -------- d-----r- c:\program files\The Bat!
2009-10-19 05:21 . 2009-05-18 14:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-16 06:54 . 2009-06-18 17:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-16 06:11 . 2009-09-15 17:42 -------- d-----w- c:\program files\Glary Utilities
2009-10-16 05:34 . 2009-08-11 07:45 -------- d-----w- c:\program files\Free Download Manager
2009-10-09 05:40 . 2009-05-18 08:08 -------- d-----w- c:\program files\EssentialPIM
2009-10-05 13:30 . 2009-05-18 07:55 1123328 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2009-10-01 13:07 . 2009-06-17 12:14 -------- d-----w- c:\program files\Driver Magician
2009-10-01 13:05 . 2009-05-29 09:18 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-09-30 11:50 . 2009-05-18 08:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 07:58 . 2009-05-18 09:12 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-15 18:07 . 2009-05-18 13:17 -------- d-----w- c:\program files\AstraScan Scanner
2009-09-15 09:57 . 2009-09-15 09:57 80766 ----a-w- c:\windows\system32\prfc0405.dat
2009-09-15 09:57 . 2009-09-15 09:57 434676 ----a-w- c:\windows\system32\prfh0405.dat
2009-09-11 21:23 . 2009-09-11 21:20 -------- d-----w- c:\program files\Easy DVD CD Burner
2009-09-11 14:19 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 05:26 . 2009-09-11 05:26 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-09-11 05:26 . 2009-09-11 05:26 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-09-11 05:23 . 2009-09-11 05:23 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 05:17 . 2009-09-11 05:17 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-09-09 18:45 . 2009-09-09 13:07 -------- d-----w- c:\program files\AVS4YOU
2009-09-09 13:10 . 2009-09-09 13:08 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-09-09 13:04 . 2009-09-09 12:59 -------- d-----w- c:\program files\Burn4Free
2009-09-09 12:52 . 2009-09-09 12:52 -------- d-----w- c:\program files\Ashampoo
2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 18:35 . 2009-06-24 07:40 -------- d-----w- c:\program files\Java
2009-09-03 06:36 . 2009-09-03 06:36 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-02 20:21 . 2009-09-02 20:06 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-09-02 19:55 . 2009-05-18 08:30 -------- d-----r- c:\program files\Samsung
2009-08-29 07:58 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2006-03-02 12:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-21 19:15 . 2009-08-21 19:15 557568 ----a-w- c:\windows\system32\B4FM.dll
2009-08-05 09:01 . 2006-03-02 12:00 205312 ------w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:52 . 2009-08-04 17:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 17:29 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 03:23 . 2009-06-24 07:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2004-04-02 13:02 . 2009-05-20 19:12 736067 ----a-w- c:\program files\StylXP-KS_Assault2_RC2.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2009-04-14 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-13 561213]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-9-30 1537064]
Program Neighborhood Agent.lnk - c:\program files\Citrix\ICA Client\pnagent.exe [2006-11-8 233744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=c:\windows\system32\igfxpers.exe
"SamsungPCSuiteTrayApplication"=c:\program files\Samsung\Samsung PC Studio 7\LaunchApplication.exe -startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"CameraFixer"=c:\windows\CameraFixer.exe
"snpstd"=c:\windows\vsnpstd.exe
"SynTPStart"=c:\program files\Synaptics\SynTP\SynTPStart.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"MyWebSearch Plugin"=rundll32 c:\progra~1\MyWebSearch\bar\1.bin\M3PLUGIN.DLL,UPF
"hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5.8.2009 16:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5.8.2009 16:06 74480]
R2 ameisvc;Web'n'walk Manager mobile equipment installation service;c:\program files\T-Mobile\Web'n'walk Manager\ameisvc.exe [21.7.2009 17:48 66288]
R2 ekrn;ESET Service;c:\program files\Eset\ESET Smart Security\ekrn.exe [11.9.2009 7:24 735960]
R2 Ethpdrv;Ethernet Packet Driver;c:\windows\system32\drivers\ethpdrv.sys [8.9.2005 1:18 9728]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [2.3.2006 14:00 14336]
S3 IpwP;IPWireless 3G PCMCIA Network Adapter;c:\windows\system32\drivers\ipwpnet.sys [27.5.2009 13:08 43184]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [18.5.2009 10:35 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [18.5.2009 10:35 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [18.5.2009 10:35 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [18.5.2009 10:35 12288]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5.8.2009 16:06 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 07:59]

2009-10-19 c:\windows\Tasks\User_Feed_Synchronization-{0342911D-DE58-41FC-AD4F-F6212EC79C90}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://dealers.t-mobile.cz:4085/persap/plsql/cui_web_search_entry.cui_startup?i_ts=1255934409000
uInternet Settings,ProxyOverride = localhost;127.0.0.1;*.rdm.cz;x2webserv;webcsc;172.20.51.122;172.20.56.247;*.tmcz.cz;*.radiomobil.cz;*.detemobil.de;*im.radiomobil.cz;*im.t-mobile.cz;*.tmo
uInternet Settings,ProxyServer = rdmproxy.rdm.cz:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: cackon.net\www
Trusted Zone: t-mobile.cz\ca
Trusted Zone: t-mobile.cz\rdmsales
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\Reny\Data aplikací\Mozilla\Firefox\Profiles\xm360wm6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www1.warforum.cz/viewforum.php?f=57|http://www1.warforum.cz/viewforum.php?f=214
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: ui.submenuDelay - 55
FF - user.js: browser.tabs.tabMinWidth - 100
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 15:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1280)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\klogon.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll

- - - - - - - > 'lsass.exe'(1336)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
Completion time: 2009-10-19 15:21
ComboFix-quarantined-files.txt 2009-10-19 13:21

Pre-Run: 16 716 107 776 bytes free
Post-Run: 16 696 270 848 bytes free

- - End Of File - - BE1880EED6AE66865A1441D9A333BA76
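Editor's note, added after the posted log and not part of the original post or of ComboFix: the entries in this log that weaken the host are not the file lists but the settings block. ESET's on-access scanner and personal firewall report *disabled*, AntiVir is *Outdated*, the Windows Firewall standard profile has EnableFirewall=0, Security Center has AntiVirusOverride=1 (which silences its antivirus warnings), the GloballyOpenPorts list carries a 3389/TCP (Remote Desktop) exception with no subnet scope, a MyWebSearch toolbar DLL is autostarted through rundll32, and Firefox's keyword.URL sends address-bar searches to toolbar.ask.com. The script below pulls exactly those items out of the text so a helper does not have to eyeball a wall of output. It is example code: the regular expressions are assumptions about ComboFix's line layout read off this log, the sample input is an excerpt of the lines above, and the findings are things to review, not verdicts. It deliberately does not judge the DLL list under winlogon.exe and lsass.exe (vorbis.dll and ogg.dll), which a reviewer would still check by hand.

```python
"""Pull the host-weakening settings out of a ComboFix log.

Added triage example; not part of the original forum post and not
ComboFix's own code. The line shapes it expects are assumptions read
off the log above (ComboFix has no documented machine-readable output).
"""
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = exposure, "review" = needs a human look
    item: str      # the log entry that triggered it
    detail: str


# Constructed sample: lines copied from the log above, cut down to the
# sections this script inspects.
SAMPLE_LOG = r"""
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MyWebSearch Plugin"=rundll32 c:\progra~1\MyWebSearch\bar\1.bin\M3PLUGIN.DLL,UPF
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
"""

# Hypothetical regexes for ComboFix's line shapes, derived from the log.
PRODUCT_RE = re.compile(r'^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*(?: \((?P<sig>\w+)\))?')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
KEYWORD_RE = re.compile(r'^FF - prefs\.js: keyword\.URL - (?P<url>\S+)')


def _port_scope(data: str) -> str:
    # Full form is port:proto:scope:state:name. Assumption: ComboFix drops
    # the scope and state fields when they are "*:Enabled", so a value
    # with fewer than five fields means "open to any source".
    fields = data.split(":")
    return fields[2] if len(fields) >= 5 else "*"


def triage(log_text: str) -> List[Finding]:
    """Scan the log text once, tracking the current registry key."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PRODUCT_RE.match(line)
        if m:  # AV:/FW: header lines
            if "disabled" in m["state"]:
                findings.append(Finding("high", m["name"], f"{m['kind']} reports '{m['state']}'"))
            if m["sig"] == "Outdated":
                findings.append(Finding("review", m["name"], "signature database outdated"))
            continue
        m = KEY_RE.match(line)
        if m:  # [registry key] line: remember it for the values that follow
            key = m["key"].lower()
            continue
        m = KEYWORD_RE.match(line)
        if m:  # Firefox address-bar search target
            host = re.sub(r"^hxxps?://", "", m["url"]).split("/")[0]
            findings.append(Finding("review", "keyword.URL", f"address-bar search redirected to {host}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m["name"], m["data"]
        if key.endswith("security center") and name == "AntiVirusOverride" and data.endswith("00000001"):
            findings.append(Finding("review", name, "Security Center told to stop monitoring antivirus state"))
        elif key.endswith(r"firewallpolicy\standardprofile") and name == "EnableFirewall" and data.split()[0] == "0":
            findings.append(Finding("high", name, "Windows Firewall disabled in the standard profile"))
        elif key.endswith(r"globallyopenports\list") and _port_scope(data) == "*":
            findings.append(Finding("high", name, "inbound port exception not restricted to a subnet"))
        elif key.endswith(("\\run", "\\run-")) and data.lower().startswith("rundll32") \
                and "\\windows\\system32\\" not in data.lower():
            findings.append(Finding("review", name, "autostart via rundll32 of a DLL outside system32"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
```

Run it on a full ComboFix log by passing the file contents to `triage()`. The 26675/TCP ActiveSync entry is intentionally not reported because it is scoped to the 169.254.2.0/24 link-local range, which is the distinction a reviewer wants: a port exception is only a problem when it faces the whole network, and on this host the firewall that would enforce either exception is switched off anyway.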