ComboFix 14-10-04.01 - PC 11.10.2014  20:42:11.1.2 - x86
Spuštěn z: c:\users\PC\Plocha\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatní výmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\AppData\Local\MSGBOX.EXE
c:\windows\system32\oem30.inf
c:\windows\system32\tmp4D36.tmp
c:\windows\system32\tmp4D56.tmp
c:\windows\system32\tmp653F.tmp
c:\windows\system32\tmp6550.tmp
c:\windows\system32\tmpF5F9.tmp
c:\windows\system32\tmpF619.tmp
c:\windows\UA000106.DLL
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2014-09-11 do 2014-10-11  )))))))))))))))))))))))))))))))
.
.
2014-10-11 18:49 . 2014-10-11 18:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-11 18:49 . 2014-10-11 18:49	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-10-11 16:44 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D21BA3B-E293-4AFA-9717-E1AC4D1CEEF9}\mpengine.dll
2014-10-10 14:52 . 2014-10-10 14:52	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2014-10-10 14:52 . 2014-10-10 14:52	--------	d--h--w-	c:\programdata\CanonBJ
2014-10-10 14:52 . 2010-08-25 03:00	73216	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAD.DLL
2014-10-10 14:52 . 2010-08-25 03:00	27648	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAD.DLL
2014-10-10 14:51 . 2010-08-25 03:00	290816	----a-w-	c:\windows\system32\CNMLMAD.DLL
2014-10-10 14:49 . 2010-03-18 17:25	307200	----a-w-	c:\windows\system32\CNC5100L.dll
2014-10-10 14:49 . 2010-03-18 15:12	114688	----a-w-	c:\windows\system32\CNC5100I.dll
2014-10-10 14:49 . 2010-03-18 15:12	1335296	----a-w-	c:\windows\system32\CNC5100C.dll
2014-10-10 14:49 . 2010-03-18 15:11	106496	----a-w-	c:\windows\system32\CNC5100U.dll
2014-10-10 14:49 . 2008-08-25 16:02	15872	----a-w-	c:\windows\system32\CNHMCA.dll
2014-10-10 14:26 . 2014-10-11 18:49	--------	d-----w-	c:\users\PC\AppData\Local\Temp
2014-10-09 20:04 . 2014-10-09 20:04	--------	d-----w-	C:\OnTranslator
2014-10-09 19:14 . 2014-10-09 20:02	--------	d-----w-	C:\FRST
2014-10-09 18:48 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-09 18:45 . 2014-10-09 18:45	--------	d-----w-	c:\users\PC\AppData\Local\CrashDumps
2014-10-09 18:45 . 2014-10-11 16:35	--------	d-----r-	c:\users\PC\Disk Google
2014-10-05 16:39 . 2014-09-16 16:49	908840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{969B3A34-3DBF-4193-8A6A-D38B45BC8949}\gapaengine.dll
2014-09-29 19:42 . 2014-09-29 19:44	--------	d-----w-	C:\Friends
2014-09-27 18:34 . 2014-09-27 18:34	--------	d-----w-	c:\program files\Cisco
2014-09-27 18:31 . 2014-09-27 18:30	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2014-09-27 18:31 . 2014-09-27 18:30	91376	----a-w-	c:\windows\system32\bcmwlcoi.dll
2014-09-27 18:31 . 2014-09-27 18:30	3555328	----a-w-	c:\windows\system32\bcmihvui.dll
2014-09-27 18:31 . 2014-09-27 18:30	3866624	----a-w-	c:\windows\system32\bcmihvsrv.dll
2014-09-27 18:31 . 2014-09-27 18:31	--------	d-----w-	c:\program files\Broadcom
2014-09-27 18:31 . 2014-09-27 18:30	2707448	----a-w-	c:\windows\system32\drivers\BCMWL6.SYS
2014-09-27 18:15 . 2014-09-27 18:15	--------	d-----w-	c:\users\PC\AppData\Roaming\Easeware
2014-09-27 18:15 . 2014-09-27 18:41	--------	d-----w-	c:\program files\Easeware
2014-09-27 18:13 . 2014-09-27 18:13	--------	d-----w-	c:\users\PC\AppData\Local\Deployment
2014-09-27 18:00 . 2014-09-27 18:00	--------	d-----w-	c:\users\PC\AppData\Local\DriverToolkit
2014-09-27 17:59 . 2012-12-14 13:54	36864	------w-	c:\windows\runSW.exe
2014-09-27 17:59 . 2013-01-24 15:32	430080	----a-w-	c:\windows\SwUSB.exe
2014-09-27 17:59 . 2014-09-27 17:59	--------	d-----w-	c:\program files\Edimax
2014-09-27 17:58 . 2014-09-27 17:58	--------	d-----w-	c:\programdata\Informer Technologies, Inc
2014-09-27 17:35 . 2014-09-27 17:35	--------	d-----w-	c:\program files\Marvell
2014-09-27 16:28 . 2014-09-27 16:29	--------	d-----w-	c:\users\PC\AppData\Local\ApplicationHistory
2014-09-27 15:43 . 2014-09-27 15:43	--------	d-----w-	c:\users\PC\AppData\Roaming\Opera Software
2014-09-27 15:43 . 2014-09-27 15:43	--------	d-----w-	c:\users\PC\AppData\Local\Opera Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 06:41 . 2010-01-06 09:03	231568	------w-	c:\windows\system32\MpSigStub.exe
2014-09-16 16:49 . 2012-06-12 17:57	908840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-01-23 14:47 . 2011-04-19 10:34	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2014-09-26 921600]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 20:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-07-24 16:26	21650016	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-761669904-710429162-1290869662-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
yksvcs	REG_MULTI_SZ   	yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-26 15:22	1096520	----a-w-	c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9cty066g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - ExtSQL: !HIDDEN! 2010-01-20 01:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108602&tt=290312_bexdll
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 7cfae64700000000000000247e34eea8
FF - user.js: extensions.BabylonToolbar_i.hardId - 7cfae64700000000000000247e34eea8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15438
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-11 20:49
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-761669904-710429162-1290869662-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:6f,ba,cb,a9,cb,1f,9e,f7,aa,9f,9a,5d,14,cf,4a,a7,7d,a7,6b,ed,a4,52,7f,
   a3,17,df,4e,0b,7c,da,d9,ea,48,03,3f,49,9a,dc,64,2f,a6,35,63,14,5c,2d,60,ad,\
"??"=hex:5f,94,b8,32,81,0c,f6,c8,14,95,d1,11,e8,53,2f,71
.
[HKEY_USERS\S-1-5-21-761669904-710429162-1290869662-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,7c,06,fd,b8,e1,a0,46,42,41,cf,da,7f,64,d8,3c,ce,a0,b8,1a,45,
   a2,01,fb,f5,6a,74,17,a5,02,cc,c1,f8,22,2f,07,2a,d0,12,a6,70,c5,13,98,c7,84,\
"rkeysecu"=hex:5f,dc,fc,44,1f,69,2f,60,f1,c0,00,a9,21,4e,3a,90
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2014-10-11  20:52:28
ComboFix-quarantined-files.txt  2014-10-11 18:52
.
Před spuštěním: Volných bajtů: 48622333952
Po spuštění: Volných bajtů: 48530182144
.
- - End Of File - - 2FF593F4861D148CEC955AC27EB29D4A
5C616939100B85E558DA92B899A0FC36
