VIRY.CZ

Dnes sa začal objavovať problem :ň
1. Chcel som pustiť scan PC cez NOD32, NOD spustím ale po kliknutí na kolonku "Kontrola PC" NOD zamrzne.
Spybot - Search & Destroy sa pre istotu ani nespustí, pri spustení v SECURITY mode, našlo pár malware ale nič riešiace problém.

Zde je log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:17, on 18.9.2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
F:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
F:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe
F:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
F:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SimoSpravca\Desktop\Nový priečinok (2)\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: saVEnsheare - {3A556101-7F6E-BDBF-3A85-0EC3F2BF96E3} - C:\ProgramData\saVEnsheare\sEc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKLM\..\Run: [CloneCDTray] "F:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RocketDock] "F:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [AirVideoServer] C:\Program Files (x86)\AirVideoServer\AirVideoServer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [iFunBoxConnector] "F:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe"
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{25CDB192-872A-415D-88F7-1929BCD0D1BD}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{25CDB192-872A-415D-88F7-1929BCD0D1BD}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{25CDB192-872A-415D-88F7-1929BCD0D1BD}: NameServer = 8.8.8.8,8.8.8.4
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10586 bytes


Dakujem.

Zdravím!
Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

ComboFix 13-09-17.01 - SimoSpravca 18.09.2013 19:01:50.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.8146.6628 [GMT 2:00]
Running from: c:\users\SimoSpravca\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\saVEnsheare
c:\programdata\saVEnsheare\JSHF.dat
c:\programdata\saVEnsheare\JSHF.exe
c:\programdata\saVEnsheare\sEc.dat
c:\programdata\saVEnsheare\sEc.dll
c:\programdata\saVEnsheare\sEc.tlb
c:\users\SimoSpravca\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\SimoSpravca\AppData\Roaming\Love
c:\users\SimoSpravca\AppData\Roaming\Love\sienna\settings
c:\users\SimoSpravca\AppData\Roaming\Love\sienna\status
c:\users\SimoSpravca\AppData\Roaming\technic-launcher.jar
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-08-18 to 2013-09-18 )))))))))))))))))))))))))))))))
.
.
2013-09-18 17:05 . 2013-09-18 17:05 -------- d-----w- c:\users\Simo\AppData\Local\temp
2013-09-18 17:05 . 2013-09-18 17:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-18 17:05 . 2013-09-18 17:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-18 14:51 . 2013-09-18 14:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-09-14 19:09 . 2013-09-18 14:29 -------- d-----w- c:\program files (x86)\ss helper
2013-09-14 19:09 . 2013-09-14 19:09 -------- d-----w- c:\programdata\InstallMate
2013-09-11 14:53 . 2013-09-11 14:53 -------- d-----w- c:\program files (x86)\OldGames.sk
2013-09-06 19:20 . 2013-09-06 19:20 -------- d-----w- c:\programdata\Steam
2013-09-05 13:42 . 2013-09-05 13:42 16896 ----a-r- c:\users\SimoSpravca\AppData\Roaming\Microsoft\Installer\{96443F45-13E2-11D6-AC87-00D0B7A9E540}\Icon96443F453.exe
2013-09-01 15:46 . 2013-09-01 15:46 -------- d-----w- c:\users\SimoSpravca\AppData\Roaming\fontconfig
2013-09-01 15:45 . 2013-09-01 15:45 -------- d-----w- c:\users\SimoSpravca\AppData\Local\Aegisub
2013-09-01 15:45 . 2013-09-01 15:45 -------- d-----w- c:\program files (x86)\Aegisub
2013-08-25 20:35 . 2013-08-25 20:35 -------- d-----w- c:\users\SimoSpravca\AppData\Roaming\Renegade Kid
2013-08-25 20:35 . 2013-08-25 20:35 -------- d-----w- c:\users\SimoSpravca\AppData\Local\Renegade Kid
2013-08-23 23:31 . 2013-08-23 23:31 -------- d-----w- c:\users\SimoSpravca\AppData\Local\MedGui
2013-08-22 17:59 . 2013-08-22 17:59 -------- d-----w- c:\users\SimoSpravca\AppData\Roaming\Wayforward Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 11:02 . 2013-01-19 22:07 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2013-07-21 15:14 . 2013-03-07 17:09 165232 ---ha-w- c:\users\SimoSpravca\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="f:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2013-05-15 93184]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2012-07-19 4935112]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-08-15 393216]
"iFunBoxConnector"="f:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-20 812544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="f:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"iTunesHelper"="f:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\SimoSpravca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=mt32emu.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 18:19 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4da87c1d09d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 21:41]
.
2013-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce4da889e9f49.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-20 21:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{25CDB192-872A-415D-88F7-1929BCD0D1BD}: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\users\SimoSpravca\AppData\Roaming\Mozilla\Firefox\Profiles\96l9ht2c.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3A556101-7F6E-BDBF-3A85-0EC3F2BF96E3} - c:\programdata\saVEnsheare\sEc.dll
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-Ootake_is1 - f:\xemluatory\Turbo Grafx\unins000.exe
AddRemove-Planescape - Torment - f:\program files (x86)\Black Isle\Torment\Uninst.isu
AddRemove-SShockDeinstallKey - f:\games\Sshock2\SShocku.log
AddRemove-The Witcher Grafikmods_is1 - f:\program files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\The Witcher\unins000.exe
AddRemove-WXMgQ2hyb25pY2xlcyBQbHVzIEkgKGMpIFhzZWVk_is1 - f:\program files (x86)\Ys Chronicles Plus I\unins000.exe
AddRemove-Zaklínač rozšířená edice v1.5 - f:\program files (x86)\CD Projekt Red\Zaklínač rozšířená edice\Uninstall.exe
AddRemove-{62D82EC1-0D3A-DF54-8E3E-07E1337A5311} - c:\programdata\saVEnsheare\JSHF.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-18 19:07:05
ComboFix-quarantined-files.txt 2013-09-18 17:07
ComboFix2.txt 2013-01-29 19:05
ComboFix3.txt 2013-01-29 18:24
.
Pre-Run: 9 073 143 808 bytes free
Post-Run: 8 998 928 384 bytes free
.
- - End Of File - - 062C8576B0DEDD45EB74D969AAA5C537
A36C5E4F47E84449FF07ED3517B43A31

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4da87c1d09d.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce4da889e9f49.job

Driver::
BBSvc
BBUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Tu je nový log. Avšak Nod robí stále to isté, jedná sa teda o chybu programu?

ComboFix 13-09-17.01 - SimoSpravca 18.09.2013 19:58:18.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.8146.5904 [GMT 2:00]
Running from: c:\users\SimoSpravca\Desktop\ComboFix.exe
Command switches used :: c:\users\SimoSpravca\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4da87c1d09d.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce4da889e9f49.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4da87c1d09d.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce4da889e9f49.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BBSvc
-------\Service_BBUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-08-18 to 2013-09-18 )))))))))))))))))))))))))))))))
.
.
2013-09-18 18:02 . 2013-09-18 18:02 -------- d-----w- c:\users\Simo\AppData\Local\temp
2013-09-18 18:02 . 2013-09-18 18:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-18 18:02 . 2013-09-18 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-18 14:51 . 2013-09-18 14:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-09-14 19:09 . 2013-09-18 14:29 -------- d-----w- c:\program files (x86)\ss helper
2013-09-14 19:09 . 2013-09-14 19:09 -------- d-----w- c:\programdata\InstallMate
2013-09-11 14:53 . 2013-09-11 14:53 -------- d-----w- c:\program files (x86)\OldGames.sk
2013-09-06 19:20 . 2013-09-06 19:20 -------- d-----w- c:\programdata\Steam
2013-09-05 13:42 . 2013-09-05 13:42 16896 ----a-r- c:\users\SimoSpravca\AppData\Roaming\Microsoft\Installer\{96443F45-13E2-11D6-AC87-00D0B7A9E540}\Icon96443F453.exe
2013-09-01 15:46 . 2013-09-01 15:46 -------- d-----w- c:\users\SimoSpravca\AppData\Roaming\fontconfig
2013-09-01 15:45 . 2013-09-01 15:45 -------- d-----w- c:\users\SimoSpravca\AppData\Local\Aegisub
2013-09-01 15:45 . 2013-09-01 15:45 -------- d-----w- c:\program files (x86)\Aegisub
2013-08-25 20:35 . 2013-08-25 20:35 -------- d-----w- c:\users\SimoSpravca\AppData\Roaming\Renegade Kid
2013-08-25 20:35 . 2013-08-25 20:35 -------- d-----w- c:\users\SimoSpravca\AppData\Local\Renegade Kid
2013-08-23 23:31 . 2013-08-23 23:31 -------- d-----w- c:\users\SimoSpravca\AppData\Local\MedGui
2013-08-22 17:59 . 2013-08-22 17:59 -------- d-----w- c:\users\SimoSpravca\AppData\Roaming\Wayforward Technologies
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-18 11:02 . 2013-01-19 22:07 119296 ----a-w- c:\windows\SysWow64\zlib.dll
2013-07-21 15:14 . 2013-03-07 17:09 165232 ---ha-w- c:\users\SimoSpravca\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3A556101-7F6E-BDBF-3A85-0EC3F2BF96E3}]
c:\programdata\saVEnsheare\sEc.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="f:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Remote Mouse"="c:\program files (x86)\Remote Mouse\RemoteMouse.exe" [2013-05-15 93184]
"AirVideoServer"="c:\program files (x86)\AirVideoServer\AirVideoServer.exe" [2012-07-19 4935112]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-08-15 393216]
"iFunBoxConnector"="f:\program files (x86)\i-Funbox DevTeam\ifb_conn.exe" [2012-11-20 812544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="f:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"iTunesHelper"="f:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\SimoSpravca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-4 41160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"MIDI2"=mt32emu.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 18:19 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 6325936]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{25CDB192-872A-415D-88F7-1929BCD0D1BD}: NameServer = 8.8.8.8,8.8.8.4
FF - ProfilePath - c:\users\SimoSpravca\AppData\Roaming\Mozilla\Firefox\Profiles\96l9ht2c.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
AddRemove-Ootake_is1 - f:\xemluatory\Turbo Grafx\unins000.exe
AddRemove-Planescape - Torment - f:\program files (x86)\Black Isle\Torment\Uninst.isu
AddRemove-SShockDeinstallKey - f:\games\Sshock2\SShocku.log
AddRemove-The Witcher Grafikmods_is1 - f:\program files (x86)\Steam\steamapps\common\The Witcher Enhanced Edition\The Witcher\unins000.exe
AddRemove-WXMgQ2hyb25pY2xlcyBQbHVzIEkgKGMpIFhzZWVk_is1 - f:\program files (x86)\Ys Chronicles Plus I\unins000.exe
AddRemove-Zaklínač rozšířená edice v1.5 - f:\program files (x86)\CD Projekt Red\Zaklínač rozšířená edice\Uninstall.exe
AddRemove-{62D82EC1-0D3A-DF54-8E3E-07E1337A5311} - c:\programdata\saVEnsheare\JSHF.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
.
**************************************************************************
.
Completion time: 2013-09-18 20:10:56 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-18 18:10
ComboFix2.txt 2013-09-18 17:07
ComboFix3.txt 2013-01-29 19:05
ComboFix4.txt 2013-01-29 18:24
.
Pre-Run: 9 033 973 760 bytes free
Post-Run: 8 875 749 376 bytes free
.
- - End Of File - - 92F7374577BDCD00A43B79BAA25785D0
A36C5E4F47E84449FF07ED3517B43A31

Smazáno, log již vypadá OK. Nastala nějaká změna?