
Advertisement - adware?

Posted: 12 Jan 2016 21:45
by Lefan
Hello,
I would like some advice on whether this could be adware. On certain sites this advertisement from Aldaniti keeps popping up - see the image below.
Following a guide, I downloaded AdwCleaner; the log it produced is below:
# AdwCleaner v5.029 - Logfile created 12/01/2016 at 20:58:28
# Updated 11/01/2016 by Xplode
# Database : 2016-01-12.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : OEM - BARBONE
# Running from : C:\Users\OEM\Downloads\adwcleaner_5.029.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\ProgramData\Rightapp software
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
[-] Folder Deleted : C:\Users\OEM\AppData\Local\DriverToolkit
[-] Folder Deleted : C:\Users\OEM\AppData\Roaming\dvdvideosoftiehelpers
[-] Folder Deleted : C:\Users\OEM\AppData\Roaming\OpenCandy
[-] Folder Deleted : C:\Users\OEM\AppData\Roaming\RHEng

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : LaunchSignup

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\DriverToolkit
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

***** [ Web browsers ] *****

Thank you very much for any help and, above all, for your patience :)

Re: Advertisement - adware?

Posted: 12 Jan 2016 22:23
by Rudy
Greetings!
Now post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Advertisement - adware?

Posted: 12 Jan 2016 23:04
by Lefan
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by OEM (administrator) on BARBONE (12-01-2016 23:02:09)
Running from C:\Users\OEM\Desktop
Loaded Profiles: OEM (Available Profiles: OEM & Martin & Guest)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(forum.viry.cz) C:\Users\OEM\Downloads\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-27] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-2807952467-2232687777-493216998-1001\...\MountPoints2: {b982f11d-ad46-11e5-bec5-902b34a851f0} - "J:\Startme.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-27] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{977a23f4-3023-48f0-942c-d422233182b2}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2807952467-2232687777-493216998-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-2807952467-2232687777-493216998-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.tsbohemia.cz
HKU\S-1-5-21-2807952467-2232687777-493216998-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.tsbohemia.cz
SearchScopes: HKU\S-1-5-21-2807952467-2232687777-493216998-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&r ... {startPage}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-27] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-27] (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-2807952467-2232687777-493216998-1001 -> hxxp://www.seznam.cz/

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll [2014-07-06] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll [2014-07-06] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-13] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-28]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-27]

Chrome:
=======
CHR Profile: C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-27] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-27] (AVAST Software)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2011-01-22] (Samsung Electronics Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 23:02 - 2016-01-12 23:02 - 00009852 _____ C:\Users\OEM\Desktop\FRST.txt
2016-01-12 23:01 - 2016-01-12 23:01 - 00112640 _____ (forum.viry.cz) C:\Users\OEM\Downloads\FRSTLauncher.exe
2016-01-12 22:56 - 2016-01-12 23:01 - 02370560 _____ (Farbar) C:\Users\OEM\Desktop\FRST64.exe
2016-01-12 22:42 - 2016-01-12 22:42 - 00016148 _____ C:\WINDOWS\system32\BARBONE_OEM_HistoryPrediction.bin
2016-01-12 20:53 - 2016-01-12 20:53 - 01754112 _____ C:\Users\OEM\Downloads\adwcleaner_5.029.exe
2016-01-12 14:49 - 2016-01-12 14:50 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-09 15:36 - 2016-01-09 17:29 - 00000000 ____D C:\Users\OEM\Desktop\Hudba do porodnice
2016-01-07 19:11 - 2016-01-07 19:11 - 00016148 _____ C:\WINDOWS\system32\BARBONE_Martin_HistoryPrediction.bin
2015-12-27 19:02 - 2015-12-27 19:02 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-12-27 19:02 - 2015-12-27 19:02 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 23:02 - 2014-05-12 21:18 - 00000000 ____D C:\FRST
2016-01-12 21:17 - 2014-12-26 13:06 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-12 21:17 - 2014-01-08 21:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-12 21:14 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 21:03 - 2015-01-02 01:27 - 00000370 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2016-01-12 21:02 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-12 21:02 - 2014-11-09 20:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-12 20:59 - 2015-07-10 10:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-12 20:58 - 2014-05-11 19:54 - 00000000 ____D C:\AdwCleaner
2016-01-12 20:25 - 2015-08-07 12:24 - 01762290 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-12 20:25 - 2015-07-10 17:02 - 00745406 _____ C:\WINDOWS\system32\perfh005.dat
2016-01-12 20:25 - 2015-07-10 17:02 - 00149344 _____ C:\WINDOWS\system32\perfc005.dat
2016-01-12 20:25 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-12 20:23 - 2014-11-11 19:08 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B1A74607-510C-4EF5-B442-BEF32D0A2F80}
2016-01-12 19:47 - 2013-12-01 21:26 - 00000000 ____D C:\Users\OEM\Documents\ConvertXtoDVD
2016-01-12 14:53 - 2015-08-07 12:59 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-11 14:47 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-09 12:04 - 2015-07-10 12:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-07 17:40 - 2015-08-07 14:26 - 00002390 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-07 17:40 - 2014-11-10 08:47 - 00000000 ___RD C:\Users\Martin\OneDrive
2016-01-03 02:40 - 2015-07-10 12:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 02:40 - 2015-07-10 12:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 12:37 - 2013-12-07 22:21 - 00000000 ____D C:\ProgramData\Adobe
2015-12-31 12:37 - 2013-11-22 13:27 - 00000000 ____D C:\Users\OEM\AppData\Roaming\Adobe
2015-12-27 19:02 - 2015-07-10 10:05 - 00000000 ____D C:\Windows
2015-12-27 19:02 - 2014-05-06 08:57 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-12-27 19:02 - 2014-01-10 08:44 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-12-27 19:02 - 2013-11-29 07:28 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-12-27 19:02 - 2013-11-29 07:28 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-12-27 19:02 - 2013-11-29 07:28 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2015-12-27 19:02 - 2013-11-29 07:28 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-12-27 19:02 - 2013-11-29 07:28 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-12-27 19:02 - 2013-11-29 07:28 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-12-27 19:01 - 2013-11-29 07:28 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-12-27 18:58 - 2015-07-10 13:20 - 00223288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-14 20:55 - 2015-03-22 19:48 - 00000000 ____D C:\Users\OEM\AppData\Roaming\AVI ReComp
2015-12-14 10:11 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-12-14 09:30 - 2015-08-07 15:44 - 00002381 _____ C:\Users\OEM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-14 09:30 - 2015-08-07 15:44 - 00000000 ___RD C:\Users\OEM\OneDrive

==================== Files in the root of some directories =======

2013-11-28 20:55 - 2013-11-28 20:55 - 0099384 _____ () C:\Users\OEM\AppData\Roaming\inst.exe
2014-01-08 21:02 - 2014-01-17 07:11 - 0000027 _____ () C:\Users\OEM\AppData\Roaming\msxrshhu.dat
2014-01-08 21:02 - 2014-01-17 07:11 - 0001664 _____ () C:\Users\OEM\AppData\Roaming\msxtaxne.dat
2013-11-28 20:55 - 2013-11-28 20:55 - 0007859 _____ () C:\Users\OEM\AppData\Roaming\pcouffin.cat
2013-11-28 20:55 - 2013-11-28 20:55 - 0001167 _____ () C:\Users\OEM\AppData\Roaming\pcouffin.inf
2013-11-28 20:55 - 2013-11-28 20:55 - 0082816 _____ (VSO Software) C:\Users\OEM\AppData\Roaming\pcouffin.sys
2014-03-29 23:59 - 2014-03-29 23:59 - 0007168 _____ () C:\Users\OEM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\OEM\AppData\Local\Temp\bassmod.dll
C:\Users\OEM\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:930.73 GB) (Free:160.94 GB) NTFS
Drive d: (VERBATIM HD) (Fixed) (Total:465.65 GB) (Free:83.15 GB) FAT32

Available physical RAM: 6237.1 MB
Total physical RAM: 8173.43 MB
Percentage of memory in use: 23%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: B36D2AB2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B592100C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\OEM\Desktop" je 996 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Advertisement - adware?

Posted: 13 Jan 2016 18:44
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-2807952467-2232687777-493216998-1001\...\MountPoints2: {b982f11d-ad46-11e5-bec5-902b34a851f0} - "J:\Startme.exe"
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
C:\Users\OEM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\OEM\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

Re: Advertisement - adware?

Posted: 13 Jan 2016 19:44
by Lefan
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by OEM (2016-01-13 19:43:57) Run:2
Running from C:\Users\OEM\Desktop
Loaded Profiles: OEM (Available Profiles: OEM & Martin & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-2807952467-2232687777-493216998-1001\...\MountPoints2: {b982f11d-ad46-11e5-bec5-902b34a851f0} - "J:\Startme.exe"
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
C:\Users\OEM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\OEM\AppData\Local\Temp
End
*****************

"HKU\S-1-5-21-2807952467-2232687777-493216998-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b982f11d-ad46-11e5-bec5-902b34a851f0}" => key removed successfully
HKCR\CLSID\{b982f11d-ad46-11e5-bec5-902b34a851f0} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\cdo" => key removed successfully
"HKCR\Wow6432Node\CLSID\{CD00020A-8B95-11D1-82DB-00C04FB1625D}" => key removed successfully
C:\Users\OEM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\OEM\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:44:04 ====

Re: Advertisement - adware?

Posted: 13 Jan 2016 20:10
by Rudy
Deleted. Has anything changed?

Re: Advertisement - adware?

Posted: 15 Jan 2016 10:56
by Lefan
The ad no longer pops up. Thank you very much for the help!!!

Re: Advertisement - adware?

Posted: 15 Jan 2016 17:59
by Rudy
You're welcome! :)