.ink zavirovaný pc, mobil, flashdisk?

[lookeen]

Dobrý den,
chtěl bych požádat o pomoc, nastal problém při zapojení mobilního telefonu do firemního pc, okamžitě se veškeré soubory na SD kartě a vnitřním úložišti mobilu přepsaly na .ink (zástupci), avast v PC toto zpozoroval a neustále přežvykoval to samé, že našel trojského koně u xy souborů, bohužel jsem do tohoto samého PC vložil flashdisk, což mělo za následek opakování problému, veškeré soubory nyní .ink. V práci mi PC zkontrolovali, s verdiktem že je čistý, ovšem při testu flashky hlásilo přeformátovat, přitom když jsem jí zkoušel sám, tak mi to soubory sice skryté na flashce našlo. Poté mě napadlo mobil připojit doma kde mám NOD32, zde mi po otevření ukazuje komplet prázdnou kartu i prázdné vnitřní úložiště (v ovládacích panelech povoleno otevření skrytých souborů), ale vím že prázdná není, flashka to samé. Nevím u čeho začít, prosím o radu, posílám FRST PC z domu, děkuji:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by LkN (administrator) on LKN-PC (18-11-2016 22:46:29)
Running from D:\Image, programy
Loaded Profiles: LkN (Available Profiles: LkN)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Realtek Semiconductor) C:\Windows\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Viber Media S.à r.l.) C:\Users\LkN\AppData\Local\Viber\Viber.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RAVCpl64.exe [6430208 2008-07-03] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-06-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DLLSuite2016] => C:\Program Files (x86)\DLL Suite\DLLSuite.exe [7084904 2016-02-28] (VskSoft)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [USB AV] => C:\Program Files (x86)\USB Virus Cleaner\USBAV.exe
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8718176 2014-06-18] (Binary Fortress Software)
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\...\Run: [Viber] => C:\Users\LkN\AppData\Local\Viber\Viber.exe [45485648 2016-11-03] (Viber Media S.à r.l.)
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE [437248 2014-09-12] (ZONER software)
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
Startup: C:\Users\LkN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odeslat do OneNote.lnk [2016-01-10]
ShortcutTarget: Odeslat do OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 85.207.6.1
Tcpip\..\Interfaces\{12D96A9A-99CB-44C3-B81E-ABCF3FA83ACE}: [DhcpNameServer] 192.168.0.1 85.207.6.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1680313595-743145408-1906065216-1000 - DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
SearchScopes: HKU\S-1-5-21-1680313595-743145408-1906065216-1000 -> DefaultScope {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = hxxp://www.google.com/custom?q={searchTerms}&s ... BFORID%3A1
SearchScopes: HKU\S-1-5-21-1680313595-743145408-1906065216-1000 -> {FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD} URL = hxxp://www.google.com/custom?q={searchTerms}&s ... BFORID%3A1
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-09] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
CHR Extension: (Prezentace Google) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-09]
CHR Extension: (Dokumenty Google) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-09]
CHR Extension: (Disk Google) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-09]
CHR Extension: (YouTube) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-09]
CHR Extension: (Adblock Plus) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-28]
CHR Extension: (Vyhledávání Google) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-09]
CHR Extension: (Adobe Acrobat) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-10]
CHR Extension: (Tabulky Google) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-09]
CHR Extension: (Chrome Media Router) - C:\Users\LkN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5179760 2014-06-18] (Binary Fortress Software)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
S2 MBAMService; D:\Image, programy\Malwarebytes Anti-Malware Premium 2.2.1.1043 Final Portable (CZ)\App\Malwarebytes\mbamservice.exe [1136608 2016-11-18] (Malwarebytes)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-06-08] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2015-01-26] (LG Electronics Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-01-09] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [46392 2016-01-09] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-10-10] (ESET)
S3 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [33184 2011-03-09] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 22:46 - 2016-11-18 22:46 - 00000000 ____D C:\FRST
2016-11-18 22:44 - 2016-11-18 22:44 - 00112640 _____ (forum.viry.cz) C:\Users\LkN\Desktop\Nepotvrzeno 681001.crdownload
2016-11-18 22:30 - 2016-11-18 22:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-18 22:30 - 2016-11-18 22:28 - 00027008 ____R (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-18 22:30 - 2016-11-18 22:27 - 00140672 ____R (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-18 22:30 - 2016-11-18 22:27 - 00065408 ____R (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-18 22:24 - 2016-11-18 22:24 - 00004999 _____ C:\Users\LkN\Desktop\UsbFix_Report.txt
2016-11-18 22:13 - 2016-11-18 22:13 - 00021517 _____ C:\Users\LkN\Desktop\[CzT]Malwarebytes_Anti_Malware_Premium_2_2_1_1043_Final_Portable_CZ_ (1).torrent
2016-11-18 22:11 - 2016-11-18 22:11 - 00021517 _____ C:\Users\LkN\Desktop\[CzT]Malwarebytes_Anti_Malware_Premium_2_2_1_1043_Final_Portable_CZ_.torrent
2016-11-18 22:03 - 2016-11-18 22:03 - 00012399 _____ C:\ComboFix.txt
2016-11-18 21:49 - 2016-11-18 21:49 - 00012566 _____ C:\Users\LkN\Desktop\combofix.txt
2016-11-18 21:21 - 2016-11-18 21:24 - 00002122 _____ C:\Users\LkN\Desktop\Rkill.txt
2016-11-17 17:18 - 2016-11-17 22:22 - 00002146 _____ C:\Users\LkN\Desktop\AdwCleaner[C0].txt
2016-11-17 17:12 - 2016-11-18 22:28 - 00000000 ____D C:\AdwCleaner
2016-11-17 17:00 - 2016-11-17 17:00 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-17 17:00 - 2016-11-17 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-17 17:00 - 2016-11-17 17:00 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-15 21:56 - 2016-11-15 21:56 - 00000000 ____D C:\Users\LkN\Documents\finance partners
2016-11-14 21:47 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-14 21:47 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-14 21:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-14 21:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-14 21:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-14 21:47 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-14 21:47 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-14 21:47 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-14 21:45 - 2016-11-18 22:03 - 00000000 ____D C:\Qoobox
2016-11-14 21:42 - 2016-11-14 21:42 - 00001448 _____ C:\Users\LkN\Desktop\UsbFix.lnk
2016-11-14 21:02 - 2016-11-14 21:02 - 00000000 ____D C:\Users\LkN\AppData\Roaming\Ashampoo
2016-11-14 20:58 - 2016-11-14 21:02 - 00000000 ____D C:\Users\LkN\AppData\Local\ashampoo
2016-11-14 20:58 - 2016-11-14 20:58 - 00001408 _____ C:\Users\LkN\Desktop\Ashampoo Burning Studio 16.lnk
2016-11-14 20:58 - 2016-11-14 20:58 - 00000214 _____ C:\Users\Public\Desktop\My Software Deals.url
2016-11-14 20:58 - 2016-11-14 20:58 - 00000000 ____D C:\Users\LkN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-11-14 20:57 - 2016-11-14 20:58 - 00000000 ____D C:\ProgramData\Ashampoo
2016-11-14 20:57 - 2016-11-14 20:57 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-11-14 20:54 - 2016-11-14 20:55 - 93697352 _____ (Ashampoo GmbH & Co. KG ) C:\Users\LkN\Desktop\ashampoo_burning_studio_16_e16.0.7_sm.exe
2016-11-14 20:46 - 2016-11-14 20:46 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2016-11-14 20:12 - 2016-11-14 20:12 - 00000496 _____ C:\Windows\cdplayer.ini
2016-11-14 20:12 - 2016-11-14 20:12 - 00000000 ____D C:\CDtoMP3Maker
2016-11-14 20:11 - 2016-11-14 20:11 - 00001207 _____ C:\Users\LkN\Desktop\CD to MP3 Maker.lnk
2016-11-14 20:11 - 2016-11-14 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD to MP3 Maker
2016-11-14 20:11 - 2016-11-14 20:11 - 00000000 ____D C:\Program Files (x86)\easetech
2016-11-14 20:10 - 2016-11-14 20:10 - 01630693 _____ ( ) C:\Users\LkN\Desktop\cdtomp3maker.exe
2016-11-14 20:08 - 2016-11-14 20:09 - 13145812 _____ (DVDVideoSoft Ltd. ) C:\Users\LkN\Desktop\Nepotvrzeno 685839.crdownload
2016-11-14 19:56 - 2016-11-14 19:56 - 00000000 ____D C:\Users\LkN\Desktop\02. Vlcata - S vlkem vlk_data
2016-11-14 19:25 - 2016-11-14 19:26 - 00527423 _____ ( ) C:\Users\LkN\Desktop\Lame_v3.99.3_for_Windows.exe
2016-11-14 19:16 - 2016-11-14 21:21 - 00000000 ____D C:\Users\LkN\AppData\Roaming\Audacity
2016-11-14 19:16 - 2016-11-14 20:55 - 00000000 ____D C:\Users\LkN\Desktop\Alice Zemánková, bydliště Odry Větrná 24
2016-11-14 19:16 - 2016-11-14 19:16 - 00000000 ____D C:\Users\LkN\AppData\Local\Audacity
2016-11-14 19:09 - 2016-11-14 19:16 - 93094013 _____ C:\Users\LkN\Desktop\Pisnicky-z-vecernicku-2.zip
2016-11-14 19:09 - 2016-11-14 19:13 - 52265227 _____ C:\Users\LkN\Desktop\PISNICKY-Z-POHADEK-A-VECERNICKU-2.rar
2016-11-14 19:08 - 2016-11-14 19:09 - 10921409 _____ C:\Users\LkN\Desktop\audacity-win-2.1.2.zip
2016-11-12 19:13 - 2016-11-12 19:13 - 00448512 _____ (OldTimer Tools) C:\Users\LkN\Desktop\TFC.exe
2016-11-09 21:25 - 2016-11-12 16:24 - 00000000 ____D C:\Users\LkN\AppData\Local\Viber
2016-11-04 21:57 - 2016-11-04 22:15 - 00000000 ____D C:\Users\LkN\Documents\geo
2016-10-29 16:14 - 2016-10-29 16:14 - 00000000 ____D C:\Users\LkN\AppData\Roaming\SolidDocuments
2016-10-29 16:13 - 2016-10-29 16:17 - 00000000 ____D C:\Users\LkN\Desktop\Nová složka (3)
2016-10-29 16:13 - 2016-10-29 13:07 - 00529578 _____ C:\Users\LkN\Desktop\16203-1026.pdf
2016-10-29 16:13 - 2016-10-29 13:07 - 00226732 _____ C:\Users\LkN\Desktop\16202-1026.pdf
2016-10-29 16:12 - 2016-10-29 16:12 - 01098229 _____ C:\Users\LkN\Desktop\na-161027-164-a4_AMA_Stará Bělá.pdf
2016-10-29 16:12 - 2016-10-29 16:12 - 00649905 _____ C:\Users\LkN\Desktop\prilohy_34187.zip
2016-10-25 18:43 - 2016-10-25 18:43 - 00825110 _____ C:\Users\LkN\Desktop\seat-leon-st-cenik-v04.pdf
2016-10-25 18:43 - 2016-10-25 18:43 - 00802906 _____ C:\Users\LkN\Desktop\seat-leon-5d-sc-cenik-v04.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 22:43 - 2010-11-21 10:27 - 00668542 _____ C:\Windows\system32\perfh005.dat
2016-11-18 22:43 - 2010-11-21 10:27 - 00141202 _____ C:\Windows\system32\perfc005.dat
2016-11-18 22:43 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-18 22:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-18 22:41 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-18 22:41 - 2009-07-14 05:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 22:38 - 2016-01-17 22:58 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-18 22:34 - 2016-07-19 19:27 - 00003490 _____ C:\Windows\System32\Tasks\AutoKMS
2016-11-18 22:33 - 2016-09-06 20:00 - 00000000 ____D C:\Users\LkN\AppData\Roaming\ViberPC
2016-11-18 22:33 - 2016-01-09 18:56 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-18 22:33 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-18 22:32 - 2016-01-09 20:22 - 00000000 ____D C:\Users\LkN\AppData\Roaming\uTorrent
2016-11-18 22:23 - 2016-01-09 18:56 - 00000952 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-18 22:13 - 2016-08-09 06:08 - 00000000 ____D C:\Users\LkN\AppData\LocalLow\uTorrent
2016-11-18 22:06 - 2016-01-09 21:45 - 00000000 ____D C:\Users\LkN\AppData\Local\CrashDumps
2016-11-18 22:01 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-11-17 16:51 - 2016-01-17 22:43 - 00000000 ____D C:\UsbFix
2016-11-15 21:43 - 2016-09-06 20:05 - 00000000 ____D C:\Users\LkN\Documents\ViberDownloads
2016-11-15 01:13 - 2016-01-09 18:58 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 01:13 - 2016-01-09 18:58 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 22:50 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-11-14 20:13 - 2005-05-11 15:56 - 00002413 _____ C:\Windows\CDtoMP3Maker.INI
2016-11-13 13:53 - 2016-01-10 11:33 - 00000000 ____D C:\Users\LkN\Documents\Soubory aplikace Outlook
2016-11-12 19:02 - 2016-01-09 21:17 - 00000000 ____D C:\Users\LkN\AppData\Roaming\DAEMON Tools Lite
2016-11-12 19:01 - 2016-08-09 18:56 - 00000000 ____D C:\Users\LkN\Desktop\Nová složka (2)
2016-11-12 13:42 - 2016-01-18 19:31 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-11-11 00:05 - 2016-01-10 09:37 - 00000000 ____D C:\Users\LkN\AppData\Roaming\vlc
2016-10-30 20:55 - 2016-01-09 18:56 - 00000000 ____D C:\Users\LkN\AppData\Local\Google

==================== Files in the root of some directories =======

2016-01-23 12:35 - 2016-01-23 12:35 - 0000017 _____ () C:\Users\LkN\AppData\Local\resmon.resmoncfg
2016-01-09 21:33 - 2016-01-09 21:33 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\LkN\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-20 13:41

==================== End of FRST.txt ============================

[Rudy]

Zdravím!
Flešku připojte a pusťte na ni USBFix: http://www.stahuj.centrum.cz/utility_a_ ... ve/usbfix/ . Pak na PC spusťte tuto utilitu:

Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.

[lookeen]

Zdravím,
takže jsem postupoval dle Vašeho návodu, posílám log:

# AdwCleaner v6.030 - Log soubor vytvořen 19/11/2016 na 16:50:54
# Aktualizováno dne 19/10/2016 z Malwarebytes
# Databáze : 2016-11-19.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : LkN - LKN-PC
# Beží od : C:\Users\LkN\Desktop\adwcleaner_6.030.exe
# Mod: Čištění
# Podpora : hxxps://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Adresáře ] *****



***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupce ] *****



***** [ Plánovač úloh ] *****



***** [ Registry ] *****



***** [ Prohlížeče ] *****



*************************

:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2169 Bajtů] - [17/11/2016 17:16:06]
C:\AdwCleaner\AdwCleaner[C2].txt - [883 Bajtů] - [19/11/2016 16:50:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [2273 Bajtů] - [17/11/2016 17:15:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [1545 Bajtů] - [18/11/2016 22:28:15]
C:\AdwCleaner\AdwCleaner[S2].txt - [1627 Bajtů] - [19/11/2016 16:50:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1178 Bajtů] ##########

[Rudy]

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\LkN\AppData\Local\Temp
Task: {8A284389-36AA-4D6A-AD99-714949A87A40} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
C:\Program Files\KMSnano
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
FirewallRules: [{6888A1BA-EBC4-4B15-ACF7-1CEDFE0F2FA7}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{AB6AFE8C-B68F-4DA8-A1E1-D429AE2C2470}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe

ResetHosts:
EmptyTemp:
End

Uložte do D:\Image, programy jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Příště sám nespouštějte ComboFix. Je to profesinální utilita, kterou si laik může poškodit oper. systém, nebo některou aplikaci.

[lookeen]

Posílám log, člověk zkouší, až když si neví rady ptá se, díky za poznámku.

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by LkN (19-11-2016 19:21:59) Run:1
Running from D:\Image, programy
Loaded Profiles: LkN (Available Profiles: LkN)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1680313595-743145408-1906065216-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\LkN\AppData\Local\Temp
Task: {8A284389-36AA-4D6A-AD99-714949A87A40} - System32\Tasks\Trigger KMS Activation => C:\Program Files\KMSnano\TriggerKMS.exe [2013-01-26] ()
C:\Program Files\KMSnano
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
FirewallRules: [{6888A1BA-EBC4-4B15-ACF7-1CEDFE0F2FA7}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe
FirewallRules: [{AB6AFE8C-B68F-4DA8-A1E1-D429AE2C2470}] => (Allow) C:\Program Files\KMSnano\qemu-system-i386.exe

ResetHosts:
EmptyTemp:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1680313595-743145408-1906065216-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully

"C:\Users\LkN\AppData\Local\Temp" folder move:

Could not move "C:\Users\LkN\AppData\Local\Temp" => Scheduled to move on reboot.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A284389-36AA-4D6A-AD99-714949A87A40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A284389-36AA-4D6A-AD99-714949A87A40}" => key removed successfully
C:\Windows\System32\Tasks\Trigger KMS Activation => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trigger KMS Activation" => key removed successfully
C:\Program Files\KMSnano => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => not found.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6888A1BA-EBC4-4B15-ACF7-1CEDFE0F2FA7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB6AFE8C-B68F-4DA8-A1E1-D429AE2C2470} => value removed successfully
ResetHosts: => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15861455 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 300 B
Edge => 0 B
Chrome => 803955333 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 33058 B
LocalService => 0 B
NetworkService => 0 B
LkN => 22905136 B

RecycleBin => 0 B
EmptyTemp: => 811.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 19-11-2016 19:25:28)

C:\Users\LkN\AppData\Local\Temp => moved successfully

==== End of Fixlog 19:25:29 ====

[Rudy]

Smazáno. Co ten USBFix?

[lookeen]

Log usb fix ze včera:
############################## | UsbFix V 9.004 | [Research]

User: LkN (Administrator) # LKN-PC
Updated 17/11/2016 by SOSVirus
Started at 16:34:06 | 19/11/2016

Website : https://www.usb-antivirus.com/
Tutorial : https://www.usb-antivirus.com/tutorial/
Support : https://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
RAM -> [Total : 4094 Mo | Free : 2088 Mo]
Boot: Normal boot

OS: Microsoft™ Windows 7 Professional (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Google Chrome : 54.0.2840.99

################## | Security Information |

AV: ESET NOD32 Antivirus 8.0 [Enabled |Updated]
AS: Windows Defender [Enabled |(!) Outdated]
AS: ESET NOD32 Antivirus 8.0 [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 119 Gb (32 Gb free - 27%) [] # NTFS
D:\ -> Fixed disk # 466 Gb (8 Gb free - 2%) [Nový svazek] # NTFS
F:\ -> Removable disk # 7 Gb (5 Gb free - 70%) [PATRIOT 8GB] # NTFS

################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKCU\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [Viber] "C:\Users\LkN\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKCU\..\Run : [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run : [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
04 - HKLM\..\Run : [DLLSuite2016] C:\Program Files (x86)\DLL Suite\DLLSuite.exe
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [USB AV] C:\Program Files (x86)\USB Virus Cleaner\USBAV.exe
04 - [x64] HKLM\..\Run : [RtHDVCpl] RAVCpl64.exe
04 - [x64] HKLM\..\Run : [Skytel] Skytel.exe
04 - [x64] HKLM\..\Run : [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
04 - HKU\S-1-5-21-1680313595-743145408-1906065216-1000\..\Run : [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
04 - HKU\S-1-5-21-1680313595-743145408-1906065216-1000\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKU\S-1-5-21-1680313595-743145408-1906065216-1000\..\Run : [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-1680313595-743145408-1906065216-1000\..\Run : [Viber] "C:\Users\LkN\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKU\S-1-5-21-1680313595-743145408-1906065216-1000\..\Run : [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE"
04 - HKU\S-1-5-18\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
04GS - Odeslat do OneNote.lnk : C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE

################## | Generic Research |


Analysed in 753.0 seconds

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

[Rudy]

OK. Změnilo se něco?

[lookeen]

Situace se nezměnila. NOD32 nalezl na paměťovce mobilu např. trzDEE.tmp "trojský kůň"...

[Rudy]

Může ho smazat?

[lookeen]

Zdravím,
neměl jsem dnes tu FLASH u sebe tak jsem zkoušel mobil, takže NOD32 smazal viry jak z paměti mobilu tak z SD karty mobilu, po restartu PC a různých pokusů připojení a odpojení od PC se mi po kontrole antivirem už viry nezobrazují, ale stále se mi nezobrazují složky a soubory v nich uložené, přitom využité místo se zobrazuje tak jak má, tzn. že paměť mobilu ani microSD není prázdná.

[Rudy]

Zkuste na ni udělat checkdisk s autom. opravou chyb.

[lookeen]

Pořád stejné, prý je vše v pořádku, zkoušel jsem /f i /r

[Rudy]

Všiml jsem se, že u USB disku nebyl proveden Clean, nebo jste ho nedal do postu. Pokud jste ho neprovedl, zkuste to ještě jednou.