Virus on a laptop

Posted: 05 May 2016 20:48
by ahola
Hello, and I'm asking for help.
Avast keeps popping up a message every little while saying that it has blocked something (see attachment).
A large number of files have been given the crypt extension.

Re: Virus on a laptop

Posted: 05 May 2016 21:22
by Rudy
Hello!
Post a FRST log: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . You have probably been infected by one of the crypto-viruses. The files (mainly documents) are encrypted, and decrypting them requires direct access to your PC, which we do not have legally covered. AFTER disinfection you will have to turn to our colleagues: https://neslape.cz/?utm_campaign=neslap ... ium=banner .

Re: Virus on a laptop

Posted: 05 May 2016 21:36
by ahola
I noticed those files, but not all of them had been attacked yet. While the log is being created, won't the virus also attack the files that are still healthy, since the Avast messages keep popping up? Or, if it is already in there, does it no longer matter?

Re: Virus on a laptop

Posted: 06 May 2016 16:42
by Rudy
If there are still unaffected files there, back them up, for example to a flash drive. That is the only defence. Otherwise, I would like to see that log.

Re: Virus on a laptop

Posted: 06 May 2016 19:03
by ahola
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 02
Ran by Olga (administrator) on LENOVO-SRNKOVA (06-05-2016 19:57:47)
Running from C:\Users\Olga\Desktop
Loaded Profiles: Olga (Available Profiles: Olga)
Platform: Windows 8.1 Connected (X64) Language: Angličtina (USA)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\QOMO\Flow!WorksDriver\Driver\Flow!Works_Server.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(forum.viry.cz) C:\Users\Olga\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276104 2014-05-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2014-02-27] (Realtek semiconductor)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [16094704 2014-10-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [10841584 2014-10-08] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-08] (AVAST Software)
HKLM-x32\...\Run: [Flow!WorksDriver] => C:\Program Files (x86)\QOMO\Flow!WorksDriver\Driver\Flow!Works_Server.exe [12185088 2013-07-24] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3882085970-3820028837-70542819-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3882085970-3820028837-70542819-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51662464 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3882085970-3820028837-70542819-1001\...\MountPoints2: {5abf307d-ff3b-11e5-8294-28d244fd949c} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files\Hightail\Hightail for Lenovo\YSINSE64.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-27] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [00001LenovoSyncComplete] -> {1E9CED2C-E7B4-4C47-B07A-25416393B67B} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00002LenovoSyncActive] -> {C1285F4D-918F-4EF2-BC94-CAD5B118C835} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00003LenovoSyncError] -> {CE5633DA-1488-4D1D-9A9B-B500297D4A8C} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
ShellIconOverlayIdentifiers-x32: [00004LenovoLocalOnly] -> {C7362DA9-D3AC-4C17-B2F5-2F1823FA04C3} => C:\Program Files (x86)\Hightail\Hightail for Lenovo\YSINSE.dll [2014-06-23] (Hightail Inc.)
Startup: C:\Users\Olga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series.lnk [2016-05-06]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{02A6D80A-26DB-4354-BDC0-2D8D20EE0132}: [DhcpNameServer] 150.204.1.2
Tcpip\..\Interfaces\{C9C1C053-98A1-4DE5-8C6F-F049F8E69553}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3882085970-3820028837-70542819-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.centrum.sk/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3882085970-3820028837-70542819-1001 -> {F2D35DAE-4E5A-4BA8-B54A-2A379223294E} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-10-27] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-27] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-21] (Oracle Corporation)

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-11]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.centrum.sk/
CHR StartupUrls: Default -> "hxxp://www.centrum.sk/"
CHR Profile: C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentácie Google) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-17]
CHR Extension: (Dokumenty Google) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-17]
CHR Extension: (Disk Google) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-15]
CHR Extension: (YouTube) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-15]
CHR Extension: (Google Search) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-15]
CHR Extension: (Tabuľky Google) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-17]
CHR Extension: (Dokumenty Google v režime offline) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-15]
CHR Extension: (Avast Online Security) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-06]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-06]
CHR Extension: (Gmail) - C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-27] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [130008 2014-01-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-10-08] (Lenovo(beijing) Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-07] ()
R2 LUService; C:\Program Files (x86)\Lenovo\Lenovo Updates\LUService.exe [38896 2014-02-18] (Lenovo(beijing) Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe [67856 2014-10-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-27] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-27] (AVAST Software)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1411384 2013-11-07] (Motorola Solutions, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 HHTHid; C:\Windows\System32\drivers\HHTHid.sys [8192 2011-11-29] (HHT-Tech)
R3 HHTHid_ArtvhMouFiltr; C:\Windows\System32\drivers\HHTHidMouFiltr.sys [7168 2011-11-29] (HHT-Tech)
R3 hhusb5; C:\Windows\system32\DRIVERS\hhusb5.sys [37944 2012-05-11] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [149448 2014-01-22] (Intel Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3443680 2014-06-01] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [9109720 2014-02-27] (Realtek Semiconductor Corp.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-06 19:57 - 2016-05-06 19:58 - 00018208 _____ C:\Users\Olga\Desktop\FRST.txt
2016-05-06 19:57 - 2016-05-06 19:57 - 00000000 ____D C:\FRST
2016-05-06 19:57 - 2016-05-06 19:32 - 00112640 _____ (forum.viry.cz) C:\Users\Olga\Desktop\FRSTLauncher.exe
2016-05-06 19:52 - 2016-05-06 19:52 - 00001879 _____ C:\Users\Olga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2016-05-06 19:40 - 2016-05-06 19:25 - 03615296 _____ C:\Users\Olga\Desktop\adwcleaner_5.115.exe
2016-05-06 19:40 - 2016-05-06 08:38 - 01610816 _____ (Malwarebytes) C:\Users\Olga\Desktop\JRT.exe
2016-05-06 19:40 - 2016-05-05 23:48 - 02379776 _____ (Farbar) C:\Users\Olga\Desktop\FRST64.exe
2016-05-05 20:55 - 2016-05-05 20:55 - 03615296 _____ C:\Users\Olga\Downloads\adwcleaner_5.115.exe
2016-05-05 20:54 - 2016-05-05 21:01 - 00000000 ____D C:\AdwCleaner
2016-05-05 20:52 - 2014-08-02 11:36 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Olga\Desktop\mbam-setup-1.75.0.1300.exe
2016-05-05 20:42 - 2016-05-05 20:42 - 01551174 ____T C:\Users\Olga\Desktop\de_crypt_readme.bmp
2016-05-05 20:42 - 2016-05-05 20:42 - 00003318 _____ C:\Users\Olga\Desktop\de_crypt_readme.html
2016-05-05 20:42 - 2016-05-05 20:42 - 00001641 _____ C:\Users\Olga\Desktop\de_crypt_readme.txt
2016-05-05 20:36 - 2016-05-05 20:36 - 00000003 _____ C:\ProgramData\6FE239B92BBB.dat
2016-05-05 20:35 - 2016-05-05 20:35 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2016-05-05 06:32 - 2016-05-05 20:42 - 00048816 _____ C:\Users\Olga\Desktop\Faktura_83071221_1126159385.pdf.crypt
2016-05-05 06:31 - 2016-05-05 20:44 - 00275189 _____ C:\Users\Olga\Desktop\Podrobny_vypis_83071221_1126159385_2622616_905381556.pdf.crypt
2016-05-04 12:50 - 2016-05-05 20:42 - 00011230 _____ C:\Users\Olga\Desktop\01.05.2016.docx.crypt
2016-04-28 07:46 - 2016-05-05 20:42 - 00010201 _____ C:\Users\Olga\Desktop\Moja mama od rána sa nikdy nezastaví.docx.crypt
2016-04-28 07:13 - 2016-05-05 20:46 - 00063128 _____ C:\Users\Olga\Desktop\srdiecko-obrazok.pdf.crypt
2016-04-27 08:19 - 2016-05-05 20:42 - 00010502 _____ C:\Users\Olga\Desktop\26.04.2016.docx.crypt
2016-04-25 21:18 - 2016-05-05 20:42 - 00009997 _____ C:\Users\Olga\Desktop\24.04.2016.docx.crypt
2016-04-25 16:25 - 2016-05-05 20:42 - 00010241 _____ C:\Users\Olga\Desktop\25.04.2016.docx.crypt
2016-04-25 15:49 - 2016-05-05 20:42 - 00000000 ____D C:\Users\Olga\Desktop\metodiky stadpedu
2016-04-24 22:45 - 2016-05-05 20:42 - 00092174 _____ C:\Users\Olga\Desktop\apríl_2017_(1).docx.crypt
2016-04-23 21:49 - 2016-05-05 20:42 - 00009983 _____ C:\Users\Olga\Desktop\23.04.2016.docx.crypt
2016-04-22 18:48 - 2016-05-05 20:42 - 00010427 _____ C:\Users\Olga\Desktop\22.04.2016.docx.crypt
2016-04-21 20:39 - 2016-05-05 20:42 - 00010099 _____ C:\Users\Olga\Desktop\21.04.2016.docx.crypt
2016-04-21 12:50 - 2016-05-05 20:44 - 00021636 _____ C:\Users\Olga\Desktop\Program ku Dňu matiek 2016.docx.crypt
2016-04-20 09:05 - 2016-04-20 09:05 - 00000000 ____D C:\Users\Olga\Desktop\školenia
2016-04-20 08:24 - 2016-05-05 20:42 - 00540140 _____ C:\Users\Olga\Desktop\5982_prijimanie_do_ms.pdf.crypt
2016-04-20 07:52 - 2016-04-20 07:52 - 00000000 ____D C:\Users\Olga\Desktop\Dopravné ihrisko Aupark
2016-04-20 07:51 - 2016-04-20 08:35 - 00000000 ____D C:\Users\Olga\Desktop\Rena
2016-04-19 20:15 - 2016-05-05 20:42 - 00010517 _____ C:\Users\Olga\Desktop\19.04.2016.docx.crypt
2016-04-19 13:57 - 2016-04-19 13:58 - 00000000 ____D C:\Users\Olga\Desktop\Šk VP rôzne MŠ
2016-04-18 19:48 - 2016-04-18 19:49 - 00000000 ____D C:\Users\Olga\Desktop\doklady Jojovi
2016-04-18 12:30 - 2016-05-05 20:42 - 00010594 _____ C:\Users\Olga\Desktop\18.04.2016.docx.crypt
2016-04-17 17:09 - 2016-05-05 20:42 - 00011101 _____ C:\Users\Olga\Desktop\17.04.2016.docx.crypt
2016-04-14 18:08 - 2016-04-14 18:09 - 00000000 ____D C:\Users\Olga\Desktop\zelená škola projekty
2016-04-14 18:06 - 2016-05-05 20:42 - 00534892 _____ C:\Users\Olga\Desktop\AgresĂ­vne dieĹĄa.pptx.crypt
2016-04-14 17:43 - 2016-05-05 20:42 - 00010844 _____ C:\Users\Olga\Desktop\14.04.2016.docx.crypt
2016-04-14 08:25 - 2016-04-14 08:25 - 00000000 ____D C:\ProgramData\DatacardService
2016-04-13 15:33 - 2016-05-05 20:46 - 00089600 _____ C:\Users\Olga\Desktop\SVP_ISCED0 fibonaci.doc.crypt
2016-04-11 19:56 - 2016-04-11 19:56 - 00132080 _____ C:\Users\Olga\Desktop\výplatný 03.2016.pdf
2016-04-07 18:16 - 2016-05-05 20:46 - 00328276 _____ C:\Users\Olga\Desktop\skvp_2015.pdf.crypt
2016-04-06 21:41 - 2016-05-05 20:44 - 04945418 _____ C:\Users\Olga\Desktop\SADÍME-ZELENINU...Natália-Renčková-Tereza.zip.crypt
2016-04-06 21:37 - 2016-04-06 21:37 - 01279695 _____ C:\Users\Olga\Desktop\URČOVANIE-MNOŽSTVA...Beata-Moravčíková-Tereza.zip
2016-04-06 21:32 - 2016-05-05 20:42 - 00119285 _____ C:\Users\Olga\Desktop\NA-KOZIČKU-A-ZÁHRADNÍKA...Sitár-Katarína.docx.crypt
2016-04-06 21:32 - 2016-04-06 21:32 - 08988870 _____ C:\Users\Olga\Desktop\AKO-KLÍČI-SEMIENKO...Alenka-Dubná.zip.0vsugtt.partial
2016-04-06 17:37 - 2016-05-05 20:42 - 00011845 _____ C:\Users\Olga\Desktop\MAMIČKY.docx.crypt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-06 19:59 - 2014-12-20 04:57 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{ACD9F6BA-F328-4F01-BF58-64ACD2D6A70B}
2016-05-06 19:54 - 2014-12-20 04:43 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3882085970-3820028837-70542819-1001
2016-05-06 19:51 - 2014-12-20 15:17 - 00000000 ____D C:\Users\Olga\AppData\Roaming\Skype
2016-05-06 19:50 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\migwiz
2016-05-06 19:49 - 2016-01-20 21:17 - 00000000 ___RD C:\Users\Olga\OneDrive
2016-05-06 19:49 - 2013-08-22 16:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-05-06 19:48 - 2014-10-08 10:45 - 00002560 _____ C:\windows\system32\VfService.trf
2016-05-06 19:47 - 2015-05-17 16:31 - 00000000 ____D C:\Users\Olga\AppData\Local\CrashDumps
2016-05-06 19:45 - 2014-12-20 14:49 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2016-05-06 19:43 - 2013-08-22 15:25 - 00262144 ___SH C:\windows\system32\config\BBI
2016-05-06 19:42 - 2014-03-18 11:53 - 00863592 _____ C:\windows\system32\PerfStringBackup.INI
2016-05-06 19:42 - 2013-08-22 15:36 - 00000000 ____D C:\windows\Inf
2016-05-05 21:01 - 2014-12-20 04:34 - 00000000 ____D C:\Users\Olga
2016-05-05 21:00 - 2015-08-04 10:13 - 00001279 _____ C:\Users\Olga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wi-FiHotspotChgToast.lnk
2016-05-05 21:00 - 2014-10-08 10:56 - 00000000 ____D C:\ProgramData\LU
2016-05-05 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\windows\AppReadiness
2016-05-05 20:58 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-05 20:51 - 2014-10-08 10:52 - 00000000 ____D C:\ProgramData\Energy Manager
2016-05-05 20:46 - 2016-02-29 21:46 - 00017580 _____ C:\Users\Olga\Desktop\tel.č.docx.crypt
2016-05-05 20:46 - 2015-08-21 21:45 - 00000000 ____D C:\Users\Olga\Desktop\skolka
2016-05-05 20:46 - 2015-06-22 15:08 - 02201600 _____ C:\Users\Olga\Desktop\Slzy_zeny_.pps.crypt
2016-05-05 20:44 - 2016-03-17 09:10 - 00000000 ____D C:\Users\Olga\Desktop\rady citáty
2016-05-05 20:44 - 2016-01-30 15:37 - 05178622 _____ C:\Users\Olga\Desktop\plat. stupnica.pdf.crypt
2016-05-05 20:44 - 2015-10-05 17:56 - 00000000 ____D C:\Users\Olga\Desktop\rozprávky
2016-05-05 20:44 - 2014-12-23 12:58 - 00000000 ____D C:\Users\Olga\Desktop\pc
2016-05-05 20:44 - 2014-12-20 15:04 - 00000974 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-05 20:42 - 2016-04-05 12:03 - 00000000 ____D C:\Users\Olga\Desktop\Blanka 29.03.2016
2016-05-05 20:42 - 2016-04-04 13:56 - 00000000 ____D C:\Users\Olga\Desktop\apríl 2016
2016-05-05 20:42 - 2016-03-31 21:35 - 00010697 _____ C:\Users\Olga\Desktop\31.03.2016.docx.crypt
2016-05-05 20:42 - 2016-03-30 16:28 - 00011592 _____ C:\Users\Olga\Desktop\30.03.2016.docx.crypt
2016-05-05 20:42 - 2016-03-07 13:22 - 00000000 ____D C:\Users\Olga\Desktop\MZ 2015-2016
2016-05-05 20:42 - 2016-03-05 13:44 - 00000000 ____D C:\Users\Olga\Desktop\marec 2016
2016-05-05 20:42 - 2016-02-06 09:33 - 00000000 ____D C:\Users\Olga\Desktop\február 2016
2016-05-05 20:42 - 2016-01-28 21:37 - 00015193 _____ C:\Users\Olga\Desktop\auto http.docx.crypt
2016-05-05 20:42 - 2016-01-17 13:45 - 00000000 ____D C:\Users\Olga\Desktop\december 2015
2016-05-05 20:42 - 2016-01-17 11:08 - 00000000 ____D C:\Users\Olga\Desktop\január 2016
2016-05-05 20:42 - 2016-01-04 19:23 - 00010072 _____ C:\Users\Olga\Desktop\Andrejke Splň sa všetko.docx.crypt
2016-05-05 20:42 - 2015-12-04 19:07 - 00010213 _____ C:\Users\Olga\Desktop\Nech máš život ako sen.docx.crypt
2016-05-05 20:42 - 2015-10-18 14:46 - 00247330 _____ C:\Users\Olga\Desktop\Milý Lukasko a.docx.crypt
2016-05-05 20:42 - 2015-09-24 17:12 - 07244288 _____ C:\Users\Olga\Desktop\FOTO_VE_SPRAVNY_OKAMZIK_04.PPS.crypt
2016-05-05 20:42 - 2015-09-12 14:04 - 00010228 _____ C:\Users\Olga\Desktop\MPC prihl..docx.crypt
2016-05-05 20:42 - 2015-09-05 19:51 - 00016820 _____ C:\Users\Olga\Desktop\http.docx.crypt
2016-05-05 20:42 - 2015-08-09 09:21 - 00000000 ____D C:\Users\Olga\Desktop\foto Andrejka a Miši
2016-05-05 20:42 - 2015-08-03 22:27 - 00010347 _____ C:\Users\Olga\Desktop\https argema.docx.crypt
2016-05-05 20:42 - 2014-12-23 12:58 - 00024576 _____ C:\Users\Olga\Desktop\názvy tematických celkov.doc.crypt
2016-05-05 20:42 - 2014-12-20 15:53 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-05-05 20:42 - 2014-10-08 10:32 - 00000000 ____D C:\ProgramData\OneKey Recovery
2016-05-05 20:41 - 2015-04-13 13:29 - 00000000 ____D C:\ProgramData\HHTDriver
2016-05-05 20:41 - 2014-12-20 04:37 - 00000000 ____D C:\Users\Olga\AppData\Local\VirtualStore
2016-05-05 18:25 - 2015-08-23 07:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-05 18:25 - 2014-12-20 15:17 - 00000000 ____D C:\ProgramData\Skype
2016-05-03 07:46 - 2014-12-20 15:10 - 00002238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-18 19:53 - 2015-09-16 13:25 - 00000000 ____D C:\Users\Olga\Desktop\trieda
2016-04-18 13:28 - 2015-02-09 09:58 - 00008192 _____ C:\Users\Olga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-14 08:32 - 2013-08-22 17:36 - 00000000 ____D C:\windows\system32\NDF
2016-04-14 07:20 - 2015-02-27 08:41 - 00000000 ____D C:\Users\Olga\Documents\výplatné lístky

==================== Files in the root of some directories =======

2015-02-09 09:58 - 2016-04-18 13:28 - 0008192 _____ () C:\Users\Olga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-05 20:36 - 2016-05-05 20:36 - 0000003 _____ () C:\ProgramData\6FE239B92BBB.dat
2014-12-26 14:59 - 2014-12-26 14:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-08 09:53 - 2014-10-08 09:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\ProgramData\6FE239B92BBB.dat


Some files in TEMP:
====================
C:\Users\Olga\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Olga\AppData\Local\Temp\libeay32.dll
C:\Users\Olga\AppData\Local\Temp\msvcr120.dll
C:\Users\Olga\AppData\Local\Temp\Quarantine.exe
C:\Users\Olga\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Olga\Desktop" je 30956 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: virus on the notebook

Posted: 06 May 2016 19:31
by Rudy
Now run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.

Re: virus on the notebook

Posted: 06 May 2016 19:40
by ahola
# AdwCleaner v5.115 - Logfile created 06/05/2016 at 20:37:41
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 8.1 Connected (X64)
# Username : Olga - LENOVO-SRNKOVA
# Running from : C:\Users\Olga\Desktop\adwcleaner_5.115.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [946 bytes] - [05/05/2016 21:01:13]
C:\AdwCleaner\AdwCleaner[C2].txt - [794 bytes] - [06/05/2016 20:37:41]
C:\AdwCleaner\AdwCleaner[S1].txt - [785 bytes] - [05/05/2016 20:56:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [927 bytes] - [06/05/2016 20:34:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1010 bytes] ##########

Re: virus on the notebook

Posted: 06 May 2016 19:53
by Rudy
This is OK. Open Notepad and copy this into it:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3882085970-3820028837-70542819-1001\...\MountPoints2: {5abf307d-ff3b-11e5-8294-28d244fd949c} - "F:\AutoRun.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3882085970-3820028837-70542819-1001 -> {F2D35DAE-4E5A-4BA8-B54A-2A379223294E} URL =
C:\Users\Olga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\6FE239B92BBB.dat
C:\ProgramData\DP45977C.lfl
C:\Users\Olga\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

From the log:
Velikost slozky "C:\Users\Olga\Desktop" je 30956 MB.
That is too much and it can slow down system startup. Create a new folder in C:\Users\Olga and move all the data from the desktop into it (except shortcuts). For easier access, put a shortcut to that folder on the desktop.

Re: virus on the notebook

Posted: 06 May 2016 20:05
by ahola
Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
Ran by Olga (2016-05-06 21:01:39) Run:1
Running from C:\Users\Olga\Desktop
Loaded Profiles: Olga (Available Profiles: Olga)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3882085970-3820028837-70542819-1001\...\MountPoints2: {5abf307d-ff3b-11e5-8294-28d244fd949c} - "F:\AutoRun.exe"
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3882085970-3820028837-70542819-1001 -> {F2D35DAE-4E5A-4BA8-B54A-2A379223294E} URL =
C:\Users\Olga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\ProgramData\6FE239B92BBB.dat
C:\ProgramData\DP45977C.lfl
C:\Users\Olga\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-3882085970-3820028837-70542819-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5abf307d-ff3b-11e5-8294-28d244fd949c}" => key removed successfully
HKCR\CLSID\{5abf307d-ff3b-11e5-8294-28d244fd949c} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3882085970-3820028837-70542819-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F2D35DAE-4E5A-4BA8-B54A-2A379223294E}" => key removed successfully
HKCR\CLSID\{F2D35DAE-4E5A-4BA8-B54A-2A379223294E} => key not found.
C:\Users\Olga\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\ProgramData\6FE239B92BBB.dat => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully

"C:\Users\Olga\AppData\Local\Temp" folder move:

Could not move "C:\Users\Olga\AppData\Local\Temp" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-05-06 21:03:19)

C:\Users\Olga\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:03:20 ====

Re: virus on the notebook

Posted: 06 May 2016 20:11
by ahola
avast keeps popping up a window...
objekt: http:rerobloketbo.com\adsc.php..
infekcia: url:mal
proces: c:windows\explorer.exe

Re: virus on the notebook

Posted: 06 May 2016 21:13
by Rudy
Also try these scans:

1. Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
Paste the script below into the window




autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;





Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: http://thisisudax.org/downloads/JRT.exe
•Save it, preferably to the desktop
•After launch the license terms are displayed; press any key
•A backup will be created, followed by a search
•A scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: virus on the notebook

Posted: 06 May 2016 21:56
by ahola
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Olga on pi 06.05.2016 at 22:20:45,65.
Microsoft Windows 8.1 with Bing 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Olga\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6.5.2016 22:23:36 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\PROGRA~3\Office2013 deleted successfully
C:\Users\Olga\AppData\Local\Skype deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\windows\sysWoW64\config\systemprofile\.android deleted
C:\Users\Public\Pokki deleted
C:\windows\SysNative\config\systemprofile\AppData\Roaming\ETDCoInstaller.log deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Olga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk deleted
"C:\PROGRA~3\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\081edf227c5b9b5" not deleted
"C:\PROGRA~3\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\twain_32.dll" not deleted
"C:\PROGRA~3\{F66CB4EE-546F-4D54-9332-216DE189AAB0}" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11.12.2015 21:33]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[13.04.2015 13:37]

Avast Online Security - Olga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.centrum.sk/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.centrum.sk/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{DC7E665C-9F30-4B14-9E04-66C7D1FAD6A7}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{DC7E665C-9F30-4B14-9E04-66C7D1FAD6A7} Google Url="http://www.google.com/search?q={searchT ... utEncoding?}"

==== Reset Google Chrome ======================

C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Olga\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Olga\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Olga\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Olga\AppData\Local\Microsoft\Windows\INetCache\Low\IE\N8QZL4VI will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Olga\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=5828 folders=143 355512461 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Olga\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Olga\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~3\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\081edf227c5b9b5" not found
"C:\PROGRA~3\{F66CB4EE-546F-4D54-9332-216DE189AAB0}\twain_32.dll" not found
"C:\PROGRA~3\{F66CB4EE-546F-4D54-9332-216DE189AAB0}" not found
"C:\Users\Olga\AppData\Local\Microsoft\Windows\INetCache\Low\IE\N8QZL4VI" not found

==== EOF on pi 06.05.2016 at 22:53:34,39 ======================

Re: virus on the notebook

Posted: 06 May 2016 22:06
by ahola
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 8.1 Connected x64
Ran by Olga (Administrator) on pi 06.05.2016 at 22:57:19,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\windows\prefetch\DRIVER.TMP-23846C68.pf (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on pi 06.05.2016 at 23:04:38,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: virus on the notebook

Posted: 07 May 2016 17:28
by Rudy
OK. Has anything changed now?

Re: virus on the notebook

Posted: 07 May 2016 17:43
by ahola
it looks good now, avast is not reporting anything and the pc can be worked with again.