ComboFix 10-01-26.02 - Irma 27.01.2010   9:55.1.2 - x86
Microsoft Windows Vista Home Premium   6.0.6002.2.1250.420.1029.18.959.173 [GMT 1:00]
Spuštěn z: c:\users\Irma\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2210734124-3313158550-2263523583-500
c:\$recycle.bin\S-1-5-21-2975896864-1140630541-4158382633-500
c:\$recycle.bin\S-1-5-21-3756814594-934791744-2934890308-500
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe
c:\windows\system32\Thumbs.db

.
(((((((((((((((((((((((((   Soubory vytvořené od 2009-12-27 do 2010-01-27  )))))))))))))))))))))))))))))))
.

2010-01-27 08:35 . 2010-01-27 08:35	--------	d-----w-	c:\users\Irma\AppData\Roaming\URSoft
2010-01-27 08:35 . 2010-01-27 08:35	--------	d-----w-	c:\program files\Your Uninstaller 2010
2010-01-12 22:43 . 2009-10-19 13:38	156672	----a-w-	c:\windows\system32\t2embed.dll
2010-01-12 22:43 . 2009-10-19 13:35	72704	----a-w-	c:\windows\system32\fontsub.dll
2010-01-09 10:28 . 2010-01-09 10:36	--------	d-----w-	c:\users\Irma\AppData\Roaming\U3

.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 08:32 . 2007-01-08 21:09	598600	----a-w-	c:\windows\system32\perfh005.dat
2010-01-27 08:32 . 2007-01-08 21:09	114808	----a-w-	c:\windows\system32\perfc005.dat
2010-01-14 10:12 . 2009-10-03 11:13	181120	------w-	c:\windows\system32\MpSigStub.exe
2010-01-13 22:53 . 2007-04-13 09:46	--------	d-----w-	c:\programdata\Microsoft Help
2010-01-13 22:52 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-01-02 06:38 . 2010-01-21 20:43	916480	----a-w-	c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 20:43	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 20:43	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 20:43	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2009-12-20 08:16 . 2009-12-20 08:16	515848	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-13 19:18 . 2009-12-13 19:18	--------	d-----w-	c:\program files\MSXML 4.0
2009-12-09 22:58 . 2009-12-09 22:58	--------	d-----w-	c:\program files\Software602
2009-12-04 13:04 . 2009-12-04 13:04	--------	d-----w-	c:\program files\AVG
2009-12-04 12:51 . 2009-12-04 12:51	--------	d-----w-	c:\program files\Windows Portable Devices
2009-12-04 12:50 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2009-12-04 12:50 . 2009-12-04 12:50	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-03 05:20 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Calendar
2009-12-03 05:19 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Sidebar
2009-12-03 05:19 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Journal
2009-12-03 05:19 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Collaboration
2009-12-03 05:19 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Photo Gallery
2009-12-03 05:19 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Windows Defender
2009-12-03 05:16 . 2009-12-03 05:16	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-11-28 14:57 . 2006-11-02 10:32	101888	----a-w-	c:\windows\system32\ifxcardm.dll
2009-11-28 14:57 . 2006-11-02 10:32	82432	----a-w-	c:\windows\system32\axaltocm.dll
2009-11-26 21:31 . 2007-10-23 07:00	99864	----a-w-	c:\users\Irma\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-09 12:31 . 2009-12-13 19:17	24064	----a-w-	c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:17	30720	----a-w-	c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:17	411648	----a-w-	c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-25 22:51	2048	----a-w-	c:\windows\system32\tzres.dll
2004-12-02 05:18 . 2007-04-13 10:17	222390	--sha-r-	c:\windows\ConfigSetRoot\IO.SYS
.

((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-12 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-12 81920]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2007-7-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):76,ac,b4,1d,d9,73,ca,01

R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [20.4.2007 12:34 674048]
S2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\System32\drivers\wf2kvcap.sys [4.10.2004 10:34 75925]
S3 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [8.6.2008 9:20 21504]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [2.11.2006 11:32 1083520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{0023ABC7-74C2-496E-9CE7-01F885722655}.job
- c:\windows\system32\msfeedssync.exe [2010-01-21 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} - hxxps://www.mojedatovaschranka.cz/static/pages/isds/cab/filleractivex.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{CDBFB47B-58A8-4111-BF95-06178DCE326D} - c:\program files\System Search Dispatcher\1.3.0.840\ssd.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe



**************************************************************************
skenování skrytých procesů ...  

skenování skrytých položek 'Po spuštění' ... 

skenování skrytých souborů ...  

sken byl úspěšně dokončen
skryté soubory: 

**************************************************************************
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehRecvr.exe
.
**************************************************************************
.
Celkový čas: 2010-01-27  10:12:59 - počítač byl restartován
ComboFix-quarantined-files.txt  2010-01-27 09:12

Před spuštěním: Volných bajtů: 187002626048
Po spuštění: Volných bajtů: 187039571968

- - End Of File - - 344C9049D89832F8454590164B318DD1
