Problém s presunutím vírusov do truhly

[otter]

Dobrý deň, mám antivírus Avast! a v tento deň som si dal úplný test systému s najvyššou prioritou, výkonom, úplný test rootkitov, veď to poznáte, skrátka najdôkladnejší test, aký sa dá v Avaste nastaviť. No a Avast mi našiel 26 infikovaných súborov. Počkal som si, kým test skončí a išiel som s nimi pracovať. Skúšal som ich automaticky opraviť, ale napísalo to tam: Chyba: prístup je odmietnutý (5). Skúšal som ich všetky opraviť a napísalo sa tam to isté. Tak som ich skúšal všetky presunúť do truhly a napísalo sa tam Chyba: Požiadavka nie je podporovaná (50). Tak som ich skúšal odstrániť a napísalo sa tam presne to isté, čo v prípade Automaticky opraviť a Opraviť. Viem, že som relatívne v bezpečí (Avast drží všetky tie vírusy), ale aj tak by som bol najradšej, keby som ich mal v truhle. Ak chcete vedieť, o aké súbory a vírusy presne ide, tak vám môžem povedať aj to. Súbory sú každý iný, takže ak chcete, môžem vám ich neskôr nadiktovať. Ale vírus je u každého súboru rovnaký. Vírus sa volá Rootkit:hidden file. Ešte to umiestnenie súboru: všetky tie súbory majú začiatočnú adresu C:Windows:WinSxS. Ďalej je to už u každého iné. Dúfam, že mi pomôžete vyriešiť môj problém a tie súbory sa podarí presunúť do truhly.

[motji]

Zdravím
Poprosím o log z Frstu a o jaké soubory se jedná

[otter]

Stiahol som si FRST, ale vyskočilo tam nejaké okno s nejakou správou v angličtine a tlačidlá Áno alebo Nie. Dal som Nie a FRST sa vyplo. Nešlo by to aj bez týchto utilít? Myslím si, že už máme problém pod dohľadom, Avast už všetkých 26 vírusov predsa chytil. Pokiaľ ide o tie súbory, mnohé majú veľmi dlhý názov a dosť zložité názvy.

[otter]

Znova som FRST spustil (mimochodom, zbadal som, že sú tam dva FRST, jeden sa volá FRST a druhý FRST (1), s tým snáď nebudú problémy). Opíšem vám radšej všetko, čo sa dialo od momentu, kedy som ho spustil. Objavila sa obrazovka, že Windows ochránil počítač, a že ten súbor je nedôveryhodný, či čo. Vlastne, keď som to chcel stiahnuť, objavilo sa to isté. Vtedy som dal OK, ale potom som si prečítal, že je to falošný poplach, tak som to opäť spustil a povolil som to. No dobre, vráťme sa do prítomnosti. Tak som to teda aj teraz povolil a objavila sa hláška, či chcem tomu programu povoliť vykonávanie zmien v počítači. Zvolil som Áno. No a objavilo sa to okno s tou hláškou. Urobil som Print Screen a pomocou tlačidla Nie som znova zatvoril FRST. Dám vám tu celý obsah tej hlášky.

Disclaimer of warranty!

This software is provider "AS IS" without warranty of any kid. You may use this software at your own risk.

The tool is made to run of Windows XP, Windows Vista, Windows 7 and Windows 8 (x64).

Important note. This tool is free.
To have an autorized and updated copy of the tool please make sure you download the tool from the following link:

http://www.bleepingcomputer.com/downloa ... -scan-tool

Are you sure you want to continue?

Click Yes to continue. Click No to exit.

[otter]

Podarilo sa mi už preskenovať FRST a teraz tam mám dva logy testov: FRST a Addition. Podľa návodu, ktorý je tu na fóre som sem vložil FRST. Musím však povedať, že vzhľadom k bezpečnosti a k tomu, že niekto pomocou tohto scanu môže objaviť, aké súbory mám na ploche, som z tohto logu niekoľko súborov vymazal. Nemusíte sa báť, išlo len o zložky, ktoré som sám vytvoril, viete, ja PC využívam najmä k školským prácam a to je prísne dôverné. Zaiste to pochopíte. Tak teda, tu je log FRST.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 01
Ran by PC (administrator) on TRACER on 14-08-2014 12:41:34
Running from C:\Users\PC\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-29] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk -> C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odoslanie do programu OneNote.lnk
ShortcutTarget: Odoslanie do programu OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PC\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFD20A68097B7CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.119.113.244 87.244.248.13 217.119.113.245

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\PC\Desktop\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-14]

Chrome:
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Dokumenty Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Disk Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Vyhledávání Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (avast! Online Security) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-14]
CHR Extension: (Peněženka Google) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-12] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [44992 2012-02-09] ()
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 12:41 - 2014-08-14 12:41 - 00012407 _____ () C:\Users\PC\Downloads\FRST.txt
2014-08-14 12:41 - 2014-08-14 12:41 - 00000000 ____D () C:\FRST
2014-08-14 10:41 - 2014-08-14 10:41 - 02100224 _____ (Farbar) C:\Users\PC\Downloads\FRST64 (1).exe
2014-08-14 10:40 - 2014-08-14 10:40 - 02100224 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2014-08-09 09:47 - 2014-08-09 09:47 - 00079749 _____ () C:\Users\PC\Downloads\Desktop.rar
2014-08-09 09:17 - 2014-08-09 09:17 - 00026203 _____ () C:\Users\PC\Downloads\ComboFix.zip
2014-08-07 20:22 - 2014-08-07 20:22 - 00038167 _____ () C:\Users\PC\Downloads\69851_2of2 (2).xml.gz
2014-08-07 20:21 - 2014-08-07 20:21 - 00038167 _____ () C:\Users\PC\Downloads\69851_2of2 (1).xml.gz
2014-08-03 08:39 - 2014-08-03 08:52 - 00000893 _____ () C:\Users\PC\Documents\hosts.txt
2014-08-01 21:01 - 2014-08-01 21:01 - 00059190 _____ () C:\Users\PC\Downloads\Nový objekt - Rastrový obrázek.bmp
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Unity
2014-07-31 19:04 - 2014-07-31 19:04 - 00000000 ____D () C:\Users\PC\AppData\Local\Unity
2014-07-31 15:23 - 2014-07-31 19:08 - 00179200 ___SH () C:\Users\PC\Downloads\Thumbs.db
2014-07-15 18:51 - 2014-07-15 18:51 - 00983552 _____ () C:\Users\PC\Downloads\zoznam-post-a-otvaracie-hodiny.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-14 12:41 - 2014-08-14 12:41 - 00012407 _____ () C:\Users\PC\Downloads\FRST.txt
2014-08-14 12:41 - 2014-08-14 12:41 - 00000000 ____D () C:\FRST
2014-08-14 12:41 - 2014-04-15 02:51 - 01528750 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 12:34 - 2014-04-14 21:57 - 00000942 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-14 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-14 11:04 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-14 10:41 - 2014-08-14 10:41 - 02100224 _____ (Farbar) C:\Users\PC\Downloads\FRST64 (1).exe
2014-08-14 10:40 - 2014-08-14 10:40 - 02100224 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2014-08-14 10:16 - 2014-04-14 21:44 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{537EBF51-F9E7-4A8B-AE3C-494D304D8EB5}
2014-08-14 10:13 - 2014-04-14 21:46 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2748475735-860348028-345027796-1001
2014-08-14 10:10 - 2014-04-14 21:58 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-14 10:08 - 2014-04-14 22:54 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-08-14 10:08 - 2014-04-14 21:57 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 10:07 - 2014-04-14 21:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-14 10:07 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 10:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-14 09:59 - 2014-04-17 16:24 - 01624576 ___SH () C:\Users\PC\Desktop\Thumbs.db
2014-08-14 09:59 - 2014-04-14 21:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-14 09:18 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-14 08:46 - 2014-04-14 23:02 - 00001082 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-08-13 13:11 - 2014-05-18 15:14 - 00006144 _____ () C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-11 15:55 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-10 11:08 - 2014-07-02 12:52 - 00000000 ____D () C:\Users\PC\Desktop\Počítač
2014-08-09 13:45 - 2014-05-07 18:29 - 00000000 ____D () C:\Users\PC\Desktop\Obrázky (1)
2014-08-09 13:38 - 2013-09-30 06:20 - 01658450 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-09 13:38 - 2013-09-30 05:57 - 00704248 _____ () C:\Windows\system32\perfh005.dat
2014-08-09 13:38 - 2013-09-30 05:57 - 00143628 _____ () C:\Windows\system32\perfc005.dat
2014-08-09 13:33 - 2013-08-22 16:46 - 00023928 _____ () C:\Windows\setupact.log
2014-08-09 09:47 - 2014-08-09 09:47 - 00079749 _____ () C:\Users\PC\Downloads\Desktop.rar
2014-08-09 09:17 - 2014-08-09 09:17 - 00026203 _____ () C:\Users\PC\Downloads\ComboFix.zip
2014-08-07 20:22 - 2014-08-07 20:22 - 00038167 _____ () C:\Users\PC\Downloads\69851_2of2 (2).xml.gz
2014-08-07 20:21 - 2014-08-07 20:21 - 00038167 _____ () C:\Users\PC\Downloads\69851_2of2 (1).xml.gz
2014-08-03 08:52 - 2014-08-03 08:39 - 00000893 _____ () C:\Users\PC\Documents\hosts.txt
2014-08-03 08:43 - 2014-04-26 18:59 - 00000000 ___RD () C:\Users\PC\Documents\Notes
2014-08-01 21:01 - 2014-08-01 21:01 - 00059190 _____ () C:\Users\PC\Downloads\Nový objekt - Rastrový obrázek.bmp
2014-08-01 13:51 - 2014-04-14 21:40 - 00000000 ____D () C:\Users\PC\AppData\Local\Packages
2014-07-31 19:11 - 2014-07-31 19:11 - 00000000 ____D () C:\Users\PC\AppData\Roaming\Unity
2014-07-31 19:08 - 2014-07-31 15:23 - 00179200 ___SH () C:\Users\PC\Downloads\Thumbs.db
2014-07-31 19:04 - 2014-07-31 19:04 - 00000000 ____D () C:\Users\PC\AppData\Local\Unity
2014-07-30 21:16 - 2014-04-24 17:11 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 21:15 - 2014-04-24 17:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 10:53 - 2014-04-24 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-15 18:51 - 2014-07-15 18:51 - 00983552 _____ () C:\Users\PC\Downloads\zoznam-post-a-otvaracie-hodiny.xls

Some content of TEMP:
====================
C:\Users\PC\AppData\Local\Temp\35223135.exe
C:\Users\PC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplitpqi.dll
C:\Users\PC\AppData\Local\Temp\ICReinstall_FileExtractorSetup.exe
C:\Users\PC\AppData\Local\Temp\PidGenX.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-06 20:37

==================== End Of Log ============================

[otter]

Dávam vám tu aj dva odkazy na Letecku postu, kde som nahral Print Screeny, aké súbory to vlastne našlo.

http://leteckaposta.cz/440582960

http://leteckaposta.cz/494761511

[motji]

Co ten combofix? Spouštěl jste ho? Jinak combofix byste neměl používat bez dozoru rádce

[otter]

To nie je normálny program ComboFix, to je text report z ComboFix. Viete, ja som si už dlhšie na tomto fóre prezeral témy a v jednom bol odkaz na log ComboFixu, tak som si to zo zvedavosti pozrel. No a už sa to uložilo do Downloads. Je to iba textový súbor, nemusíte sa báť.

[motji]

Oki, ještě mrkneme po virech jiným prográmkem



Stáhněte Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
-Uložte program na plochu a spusťte . Pak se zobrazí se licenční podminky - potvrďte start libovolnou klávesou.
- vytvoří se záloha a proběhne skenování.
Po skončení skenování na Vás vyběhne log (bude uložen v c:\JRT jako JRT.txt) - zkopírujte jej sem

Stáhněte AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/
-Uložte program na plochu a ukončete všechny spuštěné programy .
-spusťte AdwCleaner, klikněte na Scan a po dokončení skenu na Clean
- provede se oprava, restartuje se pc - (případně restartujte) a objeví se log C:\AdwCleaner\AdwCleaner.txt , obsah logu zkopírujte zde.

[otter]

V prípade Junkware Remove Tool to dopadlo neúspešne. Už si to presne nepamätám, ale tuším po stiahnutí vyskočilo také čierne okno, tam som postupoval podľa vašich pokynov. Zhruba za 2 sekundy bol test hotový a okno som zatvoril. Log som ale nenašiel.

Ale v prípade AdwCleaner som dopadol úspešnejšie. Stiahol som si to, dal som si Scan. Test bol trocha pomalší ako pri FRST. Po dokončení skenu som dal Clean. Vyskočilo pár okien, u všetkých som zvolil Áno. Počítač sa reštartoval a po reštarte vyskočil nasledujúci log:


# AdwCleaner v3.305 - Report created 14/08/2014 at 19:30:42
# Updated 14/08/2014 by Xplode
# Operating System : Windows 8.1 Pro (64 bits)
# Username : PC - TRACER
# Running from : C:\Users\PC\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaks
Folder Deleted : C:\Program Files (x86)\Tweaks

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks File Extractor

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1260 octets] - [14/08/2014 19:29:36]
AdwCleaner[S0].txt - [1151 octets] - [14/08/2014 19:30:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1211 octets] ##########

[otter]

Už sa mi podarilo urobiť test aj s Junkware Removal Tool. Test bol dosť pomalý a dokopy nič neodhalil. Keby ste chceli log, tak tu je.


Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Pro x64
Ran by PC on çt 14.08.2014 at 21:52:51,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on çt 14.08.2014 at 21:58:07,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[motji]

Tak, pc vypadá čistě. Já si myslím, že v případě Avastu šlo o nějakou falešnou detekci na některé soubory Microsoftu. Jak to s pc ted vypadá?

[otter]

Nuž, Avast tie súbory stále nevie opraviť, presunúť do truhly ani odstrániť. V jeho správaní vlastne od začiatku liečenia nenastala žiadna zmena. Možno išlo o planý poplach, ale čo mám robiť teraz? Pracovať s tými súbormi nemôžem, a obnoviť ich tiež nie. Keby sa mi podarilo presunúť tie súbory do Truhly, odtiaľ by bola možnosť obnoviť ich, dokonca ich aj obnoviť a pridať do výnimiek, ale Avast ich nevie presunúť do truhly. Keď ich tam chcem presunúť, píše mi: Chyba: Požiadavka nie je podporovaná (50).

[motji]

Napíšu Vám zprávu, vyzvedněte si ji nahoře v sz

[otter]

Dobre.