POmoc s odstraněním Crossrider.B, Injector.ECC a dalších

[vbobo]

Zdravím
Po zkušenostech s různými "removery" a pomocí na tomto fóru se na Vás obracím znovu.

Na PC (starém šrotu) mi běží aktualizovaný Eset. Každé spuštění je ale vypnuta rezidentní ochrana. Po zapnutí během několika minut nasází do karantény pár lumpíků (včera 25).
Mohl bych požádat o pomoc odstraněním?

Log FRST:

Kód: Vybrat vše

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2014
Ran by Kapoli (administrator) on BOBO-PC on 26-11-2014 08:06:52
Running from C:\Documents and Settings\Kapoli\Plocha
Loaded Profile: Kapoli (Available profiles: Kapoli & Vašek & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apache Software Foundation) C:\Complex-Web-Server-2\bin\apache\bin\httpd.exe
() C:\Complex-Web-Server-2\bin\mysql\bin\mysqld.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Apache Software Foundation) C:\Complex-Web-Server-2\bin\apache\bin\httpd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(BitTorrent Inc.) C:\Documents and Settings\Kapoli\Data aplikací\uTorrent\uTorrent.exe
(Dropbox, Inc.) C:\Documents and Settings\Kapoli\Data aplikací\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Siber Systems Inc.) C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5075104 2014-02-24] (ESET)
HKU\S-1-5-19\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
HKU\S-1-5-21-1993962763-1500820517-1177238915-1004\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2014-09-07] (Siber Systems)
HKU\S-1-5-21-1993962763-1500820517-1177238915-1004\...\Run: [uTorrent] => C:\Documents and Settings\Kapoli\Data aplikací\uTorrent\uTorrent.exe [1385808 2014-11-25] (BitTorrent Inc.)
HKU\S-1-5-21-1993962763-1500820517-1177238915-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [KB976002-v5] => rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
Startup: C:\Documents and Settings\Kapoli\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Kapoli\Data aplikací\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Documents and Settings\Vašek\Nabídka Start\Programy\Po spuštění\23556fb1360f366337f97c924e76ead3.exe (Censue)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\S-1-5-21-1993962763-1500820517-1177238915-1004 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M3CE8BC4C-9DBD-48D0-A873-C2DA0CDCAB70&SearchSource=58&CUI=&UM=6&UP=SPB24D8016-EF7A-4294-9529-0D6EDB9AEBFC&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-1993962763-1500820517-1177238915-1004 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3321459&octid=EB_ORIGINAL_CTID&ISID=M3CE8BC4C-9DBD-48D0-A873-C2DA0CDCAB70&SearchSource=58&CUI=&UM=6&UP=SPB24D8016-EF7A-4294-9529-0D6EDB9AEBFC&q={searchTerms}&SSPV=
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1993962763-1500820517-1177238915-1004 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2011-01-25] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Kapoli\Data aplikací\Mozilla\Firefox\Profiles\eiymmukw.default
FF Homepage: https://www.google.cz/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-09-06]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-09-07]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-09-08]
FF HKU\S-1-5-21-1993962763-1500820517-1177238915-1004\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.cz/"
CHR Profile: C:\Documents and Settings\Kapoli\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Kapoli\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-06]
CHR Extension: (Rank Checker) - C:\Documents and Settings\Kapoli\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\hnhleeodcddckbbnpedmkkcpbhffpolb [2014-09-24]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Kapoli\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
CHR Extension: (RoboForm) - C:\Documents and Settings\Kapoli\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-09-07]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-09-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2011-01-25] (Microsoft Corporation)
R2 CWS_Apache_80; C:\Complex-Web-Server-2\bin\apache\bin\httpd.exe [20549 2012-01-28] (Apache Software Foundation) [File not signed]
R2 CWS_MySQL_3306; C:\Complex-Web-Server-2\bin\mysql\bin\mysqld.exe [8186368 2012-07-20] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1343408 2014-02-24] (ESET)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-08] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-08] (globalUpdate) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-06] (Oracle Corporation)
R2 NwSapAgent; C:\WINDOWS\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files\Wise\Wise Care 365\BootTime.exe [580232 2013-12-09] (WiseCleaner.com)
S3 WO_LiveService2; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTunerService.exe [223600 2014-08-05] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2014-09-06] (Creative)
S3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [371712 2005-02-11] (Broadcom Corporation)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2011-01-25] (Microsoft Corporation)
R3 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [184664 2013-09-17] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [118768 2013-09-17] (ESET)
R2 LiveTuner2PM; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 11\LiveTuner32.sys [14088 2014-03-20] ()
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2014-09-06] (Creative Technology Ltd.)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R1 SCDEmu; C:\WINDOWS\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2011-01-25] (Microsoft Corporation)
R1 VD_FileDisk; C:\WINDOWS\system32\Drivers\VD_FileDisk.sys [24680 2011-01-26] (CaptainFlint Software)
U3 DfSdkS; No ImagePath
S4 IntelIde; No ImagePath
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2011-01-25] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 08:06 - 2014-11-26 08:07 - 00013171 _____ () C:\Documents and Settings\Kapoli\Plocha\FRST.txt
2014-11-26 08:06 - 2014-11-26 08:07 - 00000000 ____D () C:\FRST
2014-11-26 08:05 - 2014-11-26 08:05 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Kapoli\Plocha\FRSTLauncher.exe
2014-11-26 08:04 - 2014-11-26 08:04 - 01110016 _____ (Farbar) C:\Documents and Settings\Kapoli\Plocha\FRST.exe
2014-11-25 20:21 - 2014-11-25 21:22 - 04443312 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2014-11-25 17:36 - 2014-11-25 17:37 - 00000790 _____ () C:\WINDOWS\setupapi.log
2014-11-24 17:33 - 2014-11-25 21:22 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-21 20:58 - 2014-11-21 23:02 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-11-21 20:58 - 2014-11-21 20:58 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-11-21 20:58 - 2014-11-21 20:58 - 00000000 _____ () C:\WINDOWS\Sti_Trace.log
2014-11-21 09:17 - 2014-11-23 09:17 - 00000978 _____ () C:\WINDOWS\AutoKMS.log
2014-11-20 21:02 - 2014-11-20 21:02 - 00002194 _____ () C:\Documents and Settings\Vašek\Dokumenty\cc_20141120_210249.reg
2014-11-20 20:41 - 2014-11-20 20:41 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
2014-11-20 20:41 - 2014-11-20 20:41 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\IObit
2014-11-20 20:38 - 2014-11-20 20:38 - 00000604 _____ () C:\Documents and Settings\Vašek\Dokumenty\cc_20141120_203821.reg
2014-11-20 09:17 - 2014-11-25 19:51 - 00000463 _____ () C:\Documents and Settings\Kapoli\Data aplikací\svchost.exe.tmp
2014-11-17 13:29 - 2014-11-23 09:17 - 00078848 _____ () C:\WINDOWS\KMSEmulator.exe
2014-11-16 10:57 - 2014-11-23 09:17 - 00000202 _____ () C:\WINDOWS\Tasks\AutoKMSDaily.job
2014-11-16 10:57 - 2014-11-16 10:57 - 00647168 _____ () C:\WINDOWS\AutoKMS.exe
2014-11-16 10:57 - 2014-11-16 10:57 - 00000184 _____ () C:\WINDOWS\AutoKMS.ini
2014-11-16 10:56 - 2014-11-25 18:08 - 00000000 ____D () C:\Program Files\Microsoft Office 2010 Aktivator
2014-11-16 10:56 - 2014-11-16 10:57 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Office 2010 Aktivator
2014-11-16 10:56 - 2014-11-16 10:56 - 00000000 ____D () C:\WINDOWS\system32\bitstreams
2014-11-16 10:56 - 2013-12-10 00:30 - 10236928 ____S () C:\WINDOWS\system32\acumncxtpso.exe
2014-11-16 10:56 - 2013-10-26 20:30 - 01704448 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\system32\libeay32.dll
2014-11-16 10:56 - 2013-10-26 20:30 - 00972814 ____S () C:\WINDOWS\system32\dcgmncxtpso.exe
2014-11-16 10:56 - 2013-10-26 20:30 - 00538126 ____S () C:\WINDOWS\system32\libcurl-4.dll
2014-11-16 10:56 - 2013-10-26 20:30 - 00364544 ____S (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\system32\ssleay32.dll
2014-11-16 10:56 - 2013-10-26 20:30 - 00192512 ____S () C:\WINDOWS\system32\libidn-11.dll
2014-11-16 10:56 - 2013-10-26 20:30 - 00171008 ____S (The libssh2 library, http://www.libssh2.org/) C:\WINDOWS\system32\libssh2.dll
2014-11-16 10:56 - 2013-10-26 20:30 - 00133632 ____S () C:\WINDOWS\system32\librtmp.dll
2014-11-16 10:56 - 2013-10-26 20:30 - 00044727 ____S () C:\WINDOWS\system32\diablo130302.cl
2014-11-16 10:56 - 2013-10-26 20:30 - 00043810 ____S () C:\WINDOWS\system32\poclbm130302.cl
2014-11-16 10:56 - 2013-10-26 20:30 - 00030802 ____S () C:\WINDOWS\system32\diakgcn121016.cl
2014-11-16 10:56 - 2013-10-26 20:30 - 00023825 ____S () C:\WINDOWS\system32\scrypt130511.cl
2014-11-16 10:56 - 2013-10-26 20:30 - 00013062 ____S () C:\WINDOWS\system32\phatk121016.cl
2014-11-16 10:56 - 2013-07-18 16:06 - 00187904 ____S () C:\WINDOWS\system32\lcpmncxtpso.exe
2014-11-16 10:56 - 2013-06-12 15:15 - 00119888 ____S (Open Source Software community LGPL) C:\WINDOWS\system32\pthreadGC2.dll
2014-11-16 10:56 - 2013-06-12 15:15 - 00100864 ____S () C:\WINDOWS\system32\zlib1.dll
2014-11-16 10:56 - 2012-09-25 23:46 - 00472424 ____S (NVIDIA Corporation) C:\WINDOWS\system32\cudart32_50_35.dll
2014-11-16 10:56 - 2012-05-27 01:36 - 00055808 ____S (Open Source Software community LGPL) C:\WINDOWS\system32\pthreadVC2.dll
2014-11-16 10:36 - 2014-11-25 19:47 - 00020936 _____ () C:\Documents and Settings\Vašek\Data aplikací\svchost.exe.tmp
2014-11-16 10:02 - 2014-06-23 12:04 - 00088064 _____ (Censue) C:\Documents and Settings\Vašek\Data aplikací\svchost.exe
2014-11-15 13:42 - 2014-11-15 13:42 - 00000000 ____D () C:\Documents and Settings\Kapoli\Local Settings\Data aplikací\ESET
2014-11-14 18:33 - 2014-11-14 18:33 - 00000818 _____ () C:\Documents and Settings\Kapoli\Nabídka Start\µTorrent.lnk
2014-11-10 16:52 - 2014-11-10 16:52 - 00000000 ____D () C:\Program Files\FDRLab
2014-11-10 16:52 - 2014-11-10 16:52 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\save2pc
2014-11-06 19:58 - 2014-11-06 19:58 - 00106760 _____ () C:\Documents and Settings\Vašek\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2014-11-06 17:07 - 2014-11-06 17:07 - 00000000 ____D () C:\Documents and Settings\Vašek\Nabídka Start\Programy\The KMPlayer
2014-11-05 19:52 - 2014-11-05 19:52 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty\Filmy
2014-10-27 18:55 - 2014-11-20 20:31 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\TeamViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-26 08:07 - 2014-09-06 11:44 - 00000000 ____D () C:\Documents and Settings\Kapoli\Data aplikací\uTorrent
2014-11-26 08:07 - 2014-09-06 09:35 - 00000000 ____D () C:\Documents and Settings\Kapoli\Local Settings\Temp
2014-11-26 08:06 - 2014-09-06 09:35 - 00000000 ____D () C:\Documents and Settings\Kapoli\Plocha
2014-11-26 08:01 - 2014-10-12 21:33 - 00201855 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-26 07:57 - 2014-09-06 18:28 - 00000000 ___RD () C:\Documents and Settings\Kapoli\Dokumenty\Dropbox
2014-11-26 07:57 - 2014-09-06 12:05 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\Wise Care 365
2014-11-26 07:57 - 2014-09-06 11:47 - 00000000 ____D () C:\Documents and Settings\Kapoli\Data aplikací\Dropbox
2014-11-26 07:56 - 2014-09-06 11:57 - 00000000 ____D () C:\Documents and Settings\Vašek\Local Settings\Temp
2014-11-26 07:56 - 2014-09-06 09:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-26 07:56 - 2008-04-14 12:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-11-25 22:10 - 2014-09-06 09:35 - 00000178 ___SH () C:\Documents and Settings\Kapoli\ntuser.ini
2014-11-25 22:10 - 2014-09-06 09:34 - 00032614 _____ () C:\WINDOWS\SchedLgU.Txt
2014-11-25 22:02 - 2014-09-08 19:32 - 00000512 _____ () C:\WINDOWS\Tasks\Math Problem Solver CPU.job
2014-11-25 21:28 - 2014-09-06 11:12 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 21:22 - 2014-09-06 10:37 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-11-25 21:22 - 2014-09-06 10:37 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-11-25 21:22 - 2014-09-06 09:35 - 00000000 ___RD () C:\Documents and Settings\Kapoli\Nabídka Start\Programy\Po spuštění
2014-11-25 21:21 - 2014-09-07 21:00 - 00000000 ____D () C:\Documents and Settings\Kapoli\Data aplikací\vlc
2014-11-25 20:38 - 2014-09-08 19:33 - 00000884 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-11-25 19:52 - 2014-09-06 09:35 - 00000000 __RHD () C:\Documents and Settings\Kapoli\Data aplikací
2014-11-25 19:47 - 2014-09-08 21:20 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\vlc
2014-11-25 19:47 - 2014-09-06 11:57 - 00000178 ___SH () C:\Documents and Settings\Vašek\ntuser.ini
2014-11-25 18:22 - 2014-09-08 19:33 - 00000000 ____D () C:\Program Files\Apps Hat
2014-11-25 17:41 - 2014-09-06 11:57 - 00000000 ___RD () C:\Documents and Settings\Vašek\Nabídka Start\Programy\Po spuštění
2014-11-25 17:37 - 2014-09-06 12:16 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\uTorrent
2014-11-24 19:37 - 2014-09-06 12:04 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-11-24 18:19 - 2014-09-06 11:57 - 00000000 ___RD () C:\Documents and Settings\Vašek\Dokumenty
2014-11-23 17:26 - 2014-09-06 11:57 - 00000000 ____D () C:\Documents and Settings\Vašek\Plocha
2014-11-23 16:49 - 2014-09-14 17:49 - 00091136 ___SH () C:\Documents and Settings\Vašek\Plocha\Thumbs.db
2014-11-23 09:59 - 2014-09-09 09:43 - 00000000 ____D () C:\Documents and Settings\Kapoli\Data aplikací\XnView
2014-11-21 17:04 - 2014-10-13 19:25 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\Skype
2014-11-21 14:07 - 2014-09-08 19:30 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\Seznam.cz
2014-11-20 20:42 - 2014-09-13 17:28 - 00000000 ____D () C:\Program Files\sXe Injected
2014-11-20 20:41 - 2014-09-06 11:57 - 00000000 __RHD () C:\Documents and Settings\Vašek\Data aplikací
2014-11-20 20:41 - 2014-09-06 10:58 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2014-11-20 20:31 - 2014-09-06 12:04 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\AIMP3
2014-11-20 20:31 - 2014-09-06 11:57 - 00000000 ____D () C:\Documents and Settings\Vašek
2014-11-16 23:36 - 2014-09-09 18:20 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-11-16 10:58 - 2014-09-06 10:58 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-11-16 10:03 - 2014-09-06 11:57 - 00000000 ___HD () C:\Documents and Settings\Vašek\Šablony
2014-11-15 13:42 - 2014-09-06 09:35 - 00000000 ___HD () C:\Documents and Settings\Kapoli\Local Settings\Data aplikací
2014-11-15 08:57 - 2014-09-06 11:51 - 00000000 ____D () C:\Documents and Settings\Kapoli\Nabídka Start\Programy\Dropbox
2014-11-14 18:33 - 2014-09-06 11:45 - 00000000 ____D () C:\Program Files\uTorrent
2014-11-14 18:33 - 2014-09-06 09:35 - 00000000 ___RD () C:\Documents and Settings\Kapoli\Nabídka Start
2014-11-09 21:06 - 2014-10-08 22:29 - 00019968 _____ () C:\Documents and Settings\Vašek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-06 19:58 - 2014-09-06 11:57 - 00000000 ___HD () C:\Documents and Settings\Vašek\Local Settings\Data aplikací
2014-11-06 17:07 - 2014-09-06 11:57 - 00000000 ___RD () C:\Documents and Settings\Vašek\Nabídka Start\Programy
2014-11-06 16:49 - 2014-09-30 10:43 - 00000000 ____D () C:\Documents and Settings\Vašek\Local Settings\Data aplikací\Adobe
2014-11-05 19:52 - 2014-09-06 10:58 - 00000000 ___RD () C:\Documents and Settings\All Users\Dokumenty
2014-11-05 18:42 - 2014-09-06 11:57 - 00000788 _____ () C:\Documents and Settings\Vašek\Nabídka Start\Programy\Windows Media Player.lnk
2014-11-05 18:42 - 2014-09-06 09:27 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-10-28 18:23 - 2014-09-06 12:40 - 00000000 ____D () C:\Documents and Settings\Vašek\Data aplikací\HEXelon

Some content of TEMP:
====================
C:\Documents and Settings\Kapoli\Local Settings\Temp\DOrtFatltikQEHeGUaSX.DLL
C:\Documents and Settings\Kapoli\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcwevxu.dll
C:\Documents and Settings\Kapoli\Local Settings\Temp\utt102.tmp.exe
C:\Documents and Settings\Vašek\Local Settings\Temp\Uninstall.exe
C:\Documents and Settings\Vašek\Local Settings\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Díky za Váš čas a pomoc

[JaRon]

ahoj
stiahni a uloz na plochu ComboFix

potom spust pod uctom s administratorskym opravnenim


akcia trva cca. 5-10 minut, niekedy i dlhsie -, Pocas scanu nespustaj ziadne ine aplikacie

Nie je dovod na paniku ak stroj bude restartovany
upozornenie: ak pouzivas antispyware s rezidentnim stitem, ten pred scanom vypni.

po restarte aplikacie vytvori log, ulozeny na C:\Combofix.txt (jeho obsah vloz sem)

ziadne logy nedavaj do code

[vbobo]

Díky za pomoc, ale nezdařilo se.
Bohužel při každém z celkem šesti pokusů cca 5 minut po záloze registrů zatuhnutí PC (nechal jsem to i dvě hodiny), pomohlo pouze vypnutí natvrdo.
Eset se mi úplně vypnout nepovedlo, pouze deaktivovat moduly.
Jiná možnost by se nenašla?
Díky

[JaRon]

skus spustit CF v nudzovom rezime PC

[vbobo]

Chvilku jsem se k tomu nedostal.
Zkusil jsem to v nouzáku a po cca 10 min opět tvrdý zásek. Nechal jsem to hodinu a nehnuly se ani hodiny.
Jiný způsob není?

[JaRon]

vycisti PC s MBAM - V1.75 - log sem

[vbobo]

Hotovo, log připojuji.
Projel jsem to ale neaktualizovanou verzí, protože pokusy o aktualizaci končily každý asi 15-ti chybovkami i v případě stažení verze přímo z webu výrobce.

Protokol:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
http://www.malwarebytes.org

Verze: v2013.04.04.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Kapoli :: BOBO-PC [administrátor]

Ochrana: Zakázána

5.12.2014 16:18:45
MBAM-log-2014-12-05 (16-27-38).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 244512
Uplynulý čas: 8 minut, 23 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 4
C:\WINDOWS\system32\antiwpa.dll5B3B39 (PUP.Wpakill) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\AutoKMS.exe (Riskware.Keygen) -> Nebyla provedena žádná instrukce.
C:\WINDOWS\KMSEmulator.exe (RiskWare.Tool.CK) -> Nebyla provedena žádná instrukce.
C:\Documents and Settings\Vašek\Data aplikací\svchost.exe (Trojan.Agent) -> Nebyla provedena žádná instrukce.

(konec)

[JaRon]

nuz mam pocit, ze na tomto PC nie je nic legalne
doporucujem najdene nechaj odstranit v MBAM - restart PC

[vbobo]

Díky za pomoc, už je to asi OK.
Dobré věci si kupuji (Adobe, Corel ...). Lidé, kteří to staví musí být z něčeho živi tak jako já. Z tohoto důvodu jsem se také rozhodl přispět za Vaší dokonalou a bezplatnou pomoc.
Ale za tu nesmyslnou komerční zhovad*lost, kterou Gates zaplavil svět, jménem Wokna nehodlám utratit ani jedinou korunu i kdyby stála 100,- Kč.
Pokud je něco za prachy a pracuje na tom gigantický tým programátorů, MUSÍ to být dokonalé. Nikdo mi nevymluví, že děravost Woken nemá ani trochu komerční podtext.
Dokud budou bezplatné operační systémy nesrovnatelně lepší a bezpečnější než tahle pomsta 20. století, nebudu za ní platit.
Už tak jsem nas...., že jí musím bohužel občas zapnout.

[JaRon]

rad som pomohol
Lock