ComboFix 14-10-04.01 - PC 11.10.2014  22:37:36.2.2 - x86
Spuštěno z: c:\users\PC\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\users\PC\Plocha\CFScript.txt
.
.
(((((((((((((((((((((((((   Soubory vytvořené od 2014-09-11 do 2014-10-11  )))))))))))))))))))))))))))))))
.
.
2014-10-11 20:43 . 2014-10-11 20:45	--------	d-----w-	c:\users\PC\AppData\Local\temp
2014-10-11 20:43 . 2014-10-11 20:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-10-11 16:44 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D21BA3B-E293-4AFA-9717-E1AC4D1CEEF9}\mpengine.dll
2014-10-10 14:52 . 2014-10-10 14:52	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2014-10-10 14:52 . 2014-10-10 14:52	--------	d--h--w-	c:\programdata\CanonBJ
2014-10-10 14:52 . 2010-08-25 03:00	73216	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAD.DLL
2014-10-10 14:52 . 2010-08-25 03:00	27648	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAD.DLL
2014-10-10 14:51 . 2010-08-25 03:00	290816	----a-w-	c:\windows\system32\CNMLMAD.DLL
2014-10-10 14:49 . 2010-03-18 17:25	307200	----a-w-	c:\windows\system32\CNC5100L.dll
2014-10-10 14:49 . 2010-03-18 15:12	114688	----a-w-	c:\windows\system32\CNC5100I.dll
2014-10-10 14:49 . 2010-03-18 15:12	1335296	----a-w-	c:\windows\system32\CNC5100C.dll
2014-10-10 14:49 . 2010-03-18 15:11	106496	----a-w-	c:\windows\system32\CNC5100U.dll
2014-10-10 14:49 . 2008-08-25 16:02	15872	----a-w-	c:\windows\system32\CNHMCA.dll
2014-10-09 20:04 . 2014-10-09 20:04	--------	d-----w-	C:\OnTranslator
2014-10-09 19:14 . 2014-10-09 20:02	--------	d-----w-	C:\FRST
2014-10-09 18:48 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-09 18:45 . 2014-10-09 18:45	--------	d-----w-	c:\users\PC\AppData\Local\CrashDumps
2014-10-09 18:45 . 2014-10-11 16:35	--------	d-----r-	c:\users\PC\Disk Google
2014-10-05 16:39 . 2014-09-16 16:49	908840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{969B3A34-3DBF-4193-8A6A-D38B45BC8949}\gapaengine.dll
2014-09-29 19:42 . 2014-09-29 19:44	--------	d-----w-	C:\Friends
2014-09-27 18:34 . 2014-09-27 18:34	--------	d-----w-	c:\program files\Cisco
2014-09-27 18:31 . 2014-09-27 18:30	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2014-09-27 18:31 . 2014-09-27 18:30	91376	----a-w-	c:\windows\system32\bcmwlcoi.dll
2014-09-27 18:31 . 2014-09-27 18:30	3555328	----a-w-	c:\windows\system32\bcmihvui.dll
2014-09-27 18:31 . 2014-09-27 18:30	3866624	----a-w-	c:\windows\system32\bcmihvsrv.dll
2014-09-27 18:31 . 2014-09-27 18:31	--------	d-----w-	c:\program files\Broadcom
2014-09-27 18:31 . 2014-09-27 18:30	2707448	----a-w-	c:\windows\system32\drivers\BCMWL6.SYS
2014-09-27 18:15 . 2014-09-27 18:15	--------	d-----w-	c:\users\PC\AppData\Roaming\Easeware
2014-09-27 18:15 . 2014-09-27 18:41	--------	d-----w-	c:\program files\Easeware
2014-09-27 18:13 . 2014-09-27 18:13	--------	d-----w-	c:\users\PC\AppData\Local\Deployment
2014-09-27 18:00 . 2014-09-27 18:00	--------	d-----w-	c:\users\PC\AppData\Local\DriverToolkit
2014-09-27 17:59 . 2012-12-14 13:54	36864	------w-	c:\windows\runSW.exe
2014-09-27 17:59 . 2013-01-24 15:32	430080	----a-w-	c:\windows\SwUSB.exe
2014-09-27 17:59 . 2014-09-27 17:59	--------	d-----w-	c:\program files\Edimax
2014-09-27 17:58 . 2014-09-27 17:58	--------	d-----w-	c:\programdata\Informer Technologies, Inc
2014-09-27 17:35 . 2014-09-27 17:35	--------	d-----w-	c:\program files\Marvell
2014-09-27 16:28 . 2014-09-27 16:29	--------	d-----w-	c:\users\PC\AppData\Local\ApplicationHistory
2014-09-27 15:43 . 2014-09-27 15:43	--------	d-----w-	c:\users\PC\AppData\Roaming\Opera Software
2014-09-27 15:43 . 2014-09-27 15:43	--------	d-----w-	c:\users\PC\AppData\Local\Opera Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M výpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 06:41 . 2010-01-06 09:03	231568	------w-	c:\windows\system32\MpSigStub.exe
2014-09-16 16:49 . 2012-06-12 17:57	908840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-01-23 14:47 . 2011-04-19 10:34	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((   Spouštěcí body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 08:34	579400	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2014-09-26 921600]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-08-08 22734160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^PC^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 20:51	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-07-24 16:26	21650016	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-761669904-710429162-1290869662-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
yksvcs	REG_MULTI_SZ   	yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-26 15:22	1096520	----a-w-	c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\program files\RadioBar\toolbar.ni.dll
FF - ProfilePath - c:\users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\9cty066g.default\
FF - ExtSQL: !HIDDEN! 2010-01-20 01:11; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108602&tt=290312_bexdll
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 7cfae64700000000000000247e34eea8
FF - user.js: extensions.BabylonToolbar_i.hardId - 7cfae64700000000000000247e34eea8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15438
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-11 22:47
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspěšně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštěné procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Hpservice.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\runSW.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Edimax\Edimax AC1200 Wireless LAN Driver\WPSService20.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\OnTranslator.com\OnTranslator.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msiexec.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\windows\SwUSB.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\conime.exe
.
**************************************************************************
.
Celkový čas: 2014-10-11  22:50:30 - počítač byl restartován
ComboFix-quarantined-files.txt  2014-10-11 20:50
ComboFix2.txt  2014-10-11 18:52
.
Před spuštěním: Volných bajtů: 48564264960
Po spuštění: Volných bajtů: 48232996864
.
- - End Of File - - D544969E460FFA9C09BD12AE5ACAE860
5C616939100B85E558DA92B899A0FC36
