
I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 14:02
by Corn3r
Could someone please take a look at this? I connected two HDDs and I don't know whether the virus has started running again. Thanks

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by cOrnA (administrator) on UKRUTNOST-PC (02-04-2017 14:57:59)
Running from C:\Users\cOrnA\Desktop\ViR
Loaded Profiles: cOrnA (Available Profiles: cOrnA)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
() C:\UsbFix\UsbFix.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\RunOnce: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{C0442F51-0C83-4890-96F6-BAA0C786EB46}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{E109A109-F29E-4485-BD79-FF85CD7C8DA6}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-1086005725-1489657867-4169034137-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-28] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default [2017-04-02]
CHR Extension: (Prezentace Google) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-28]
CHR Extension: (Dokumenty Google) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-28]
CHR Extension: (Disk Google) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-28]
CHR Extension: (YouTube) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-28]
CHR Extension: (Tabulky Google) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-28]
CHR Extension: (Dokumenty Google offline) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-28]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-28]
CHR Extension: (Gmail) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\cOrnA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-03-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-31] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-04-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-02] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-02 14:29 - 2017-04-02 14:30 - 03820160 _____ (SOSVirus) C:\Users\cOrnA\Downloads\UsbFix.exe
2017-04-02 14:23 - 2017-04-02 14:23 - 00001448 _____ C:\Users\cOrnA\Desktop\UsbFix.lnk
2017-04-02 14:22 - 2017-04-02 14:22 - 03820152 _____ (SOSVirus) C:\Users\cOrnA\Downloads\UsbFix_9.039 (1).exe
2017-04-02 14:22 - 2017-04-02 14:22 - 01663904 _____ (Malwarebytes) C:\Users\cOrnA\Downloads\JRT.exe
2017-04-02 14:17 - 2017-04-02 14:17 - 03820152 _____ (SOSVirus) C:\Users\cOrnA\Downloads\UsbFix_9.039.exe
2017-04-02 00:04 - 2017-03-31 21:45 - 178264368 ____N C:\Users\cOrnA\Desktop\IMG_1285.mp4
2017-04-01 19:32 - 1970-01-01 02:00 - 180138298 ____N C:\Users\cOrnA\Desktop\IMG_1297.mp4
2017-04-01 16:16 - 2017-04-01 16:16 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2017-04-01 08:04 - 2017-04-01 09:08 - 00146660 _____ C:\Windows\ntbtlog.txt
2017-04-01 07:29 - 2017-04-01 07:29 - 00000000 ____D C:\Users\cOrnA\AppData\Roaming\MPC-HC
2017-04-01 07:27 - 2017-04-01 07:27 - 00001147 _____ C:\Users\cOrnA\Desktop\mpc-hc64.exe – zástupce.lnk
2017-04-01 07:27 - 2017-04-01 07:27 - 00000000 ____D C:\Users\cOrnA\Desktop\MPC-HC.1.7.11.x64
2017-04-01 07:26 - 2017-04-01 07:26 - 20043267 _____ C:\Users\cOrnA\Downloads\MPC-HC.1.7.11.x64.zip
2017-04-01 06:20 - 2015-02-04 05:16 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-04-01 06:20 - 2015-02-04 04:54 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-04-01 06:20 - 2013-10-12 04:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-04-01 06:20 - 2013-10-12 04:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-04-01 06:20 - 2013-10-12 04:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2017-04-01 06:20 - 2013-10-12 04:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2017-04-01 06:20 - 2013-10-12 04:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2017-04-01 06:20 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-04-01 00:39 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-01 00:39 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-01 00:39 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-01 00:39 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-01 00:39 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-01 00:39 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-01 00:39 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-01 00:39 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-01 00:39 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-01 00:39 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-01 00:39 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-01 00:39 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-01 00:39 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-01 00:39 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-03-31 12:29 - 2017-03-31 12:29 - 08687765 _____ C:\Users\cOrnA\Downloads\Xperia_Go_driver.zip
2017-03-31 12:24 - 2017-03-31 12:24 - 00001296 _____ C:\Users\cOrnA\Downloads\downloadinf_v1.01.zip
2017-03-31 12:12 - 2017-03-31 12:12 - 00001202 _____ C:\Users\cOrnA\Desktop\Emma.lnk
2017-03-31 12:12 - 2017-03-31 12:12 - 00000000 ____D C:\Users\cOrnA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Mobile
2017-03-31 12:11 - 2017-03-31 12:11 - 00000000 ____D C:\ProgramData\Oracle
2017-03-31 12:11 - 2017-03-31 12:11 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2017-03-31 12:06 - 2017-03-31 12:07 - 112452184 _____ C:\Users\cOrnA\Downloads\Flash_tool_for_Xperia_9.exe
2017-03-31 12:00 - 2017-03-31 12:02 - 00000000 ____D C:\Users\cOrnA\Desktop\16Gb
2017-03-31 11:55 - 2017-03-31 11:55 - 00000000 ____D C:\ProgramData\HP
2017-03-31 11:54 - 2017-03-31 11:54 - 00002008 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2017-03-31 11:54 - 2017-03-31 11:54 - 00000000 ____D C:\Users\cOrnA\AppData\Roaming\HPPSDr
2017-03-31 11:54 - 2017-03-31 11:54 - 00000000 ____D C:\Program Files (x86)\HP
2017-03-31 11:49 - 2017-03-31 11:51 - 01557208 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-03-31 11:42 - 2017-03-31 11:42 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2017-03-31 11:41 - 2017-03-31 11:41 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-03-31 11:39 - 2017-03-31 11:40 - 04057776 _____ (Oleg N. Scherbakov) C:\Users\cOrnA\Downloads\HPSupportSolutionsFramework-12.5.32.203.exe
2017-03-31 11:39 - 2017-03-31 11:39 - 10572472 _____ C:\Users\cOrnA\Downloads\HPPSdr.exe
2017-03-31 11:39 - 2017-03-31 11:39 - 01283432 _____ C:\Users\cOrnA\Downloads\dot4patch_reboot.exe
2017-03-31 11:28 - 2017-03-31 11:28 - 00031934 _____ C:\Users\cOrnA\Desktop\Diagnostika iTunes.spx
2017-03-31 11:20 - 2017-03-31 11:24 - 00000000 ____D C:\Users\cOrnA\AppData\Roaming\Apple Computer
2017-03-31 11:20 - 2017-03-31 11:20 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-31 11:20 - 2017-03-31 11:20 - 00000000 ____D C:\Users\cOrnA\AppData\Local\Apple Computer
2017-03-31 11:20 - 2017-03-31 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-31 11:19 - 2017-03-31 11:20 - 00000000 ____D C:\Program Files\iTunes
2017-03-31 11:19 - 2017-03-31 11:19 - 00000000 ____D C:\ProgramData\Apple Computer
2017-03-31 11:19 - 2017-03-31 11:19 - 00000000 ____D C:\Program Files\iPod
2017-03-31 11:18 - 2017-03-31 11:18 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-31 11:18 - 2017-03-31 11:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2017-03-31 11:18 - 2017-03-31 11:18 - 00000000 ____D C:\Users\cOrnA\AppData\Local\Apple
2017-03-31 11:18 - 2017-03-31 11:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-31 11:17 - 2017-03-31 11:18 - 00000000 ____D C:\ProgramData\Apple
2017-03-31 11:17 - 2017-03-31 11:17 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-31 11:17 - 2017-03-31 11:17 - 00000000 ____D C:\Program Files\Bonjour
2017-03-31 11:17 - 2017-03-31 11:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-31 11:12 - 2017-03-31 11:15 - 257659208 _____ (Apple Inc.) C:\Users\cOrnA\Downloads\iTunes64Setup.exe
2017-03-31 10:59 - 2017-03-31 10:59 - 00000000 ____D C:\Users\cOrnA\Desktop\wpd
2017-03-31 10:19 - 2017-03-31 10:18 - 00002116 _____ C:\Users\cOrnA\ipconfig.all.txt
2017-03-31 05:58 - 2017-04-02 14:06 - 00000000 ____D C:\Users\cOrnA\Desktop\ViR
2017-03-30 05:15 - 2017-03-31 10:15 - 00000000 ____D C:\Users\cOrnA\AppData\Local\ElevatedDiagnostics
2017-03-30 03:00 - 2012-07-26 06:55 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2017-03-30 03:00 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2017-03-30 03:00 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2017-03-30 03:00 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2017-03-29 23:20 - 2017-03-30 16:05 - 00000000 ___DC C:\Users\cOrnA\AppData\Local\MigWiz
2017-03-29 21:54 - 2017-03-29 21:54 - 00000000 ____D C:\Users\cOrnA\AppData\Local\VirtualStore
2017-03-29 21:45 - 2017-03-29 21:23 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-03-29 21:23 - 2017-03-29 21:40 - 00000000 ____D C:\zoek_backup
2017-03-29 20:53 - 2017-04-02 14:47 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-29 20:53 - 2017-04-02 14:47 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-29 20:53 - 2017-03-31 05:56 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-29 20:52 - 2017-04-02 14:47 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 20:52 - 2017-04-02 14:47 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-29 20:52 - 2017-03-31 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-29 20:52 - 2017-03-29 20:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 20:52 - 2017-03-29 20:52 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-29 20:52 - 2017-03-24 04:10 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-29 20:48 - 2017-03-31 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2017-03-29 20:48 - 2017-03-29 20:48 - 00000000 ____D C:\Program Files (x86)\HD Tune
2017-03-29 20:40 - 2017-03-31 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2017-03-29 20:40 - 2017-03-31 01:01 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2017-03-29 20:15 - 2017-03-31 01:01 - 00000000 ____D C:\AdwCleaner
2017-03-29 20:14 - 2017-03-29 20:14 - 00000000 ____D C:\USB File Resc
2017-03-29 19:57 - 2017-04-02 14:48 - 00000000 ____D C:\UsbFix
2017-03-29 19:56 - 2017-03-29 19:56 - 03820160 _____ (SOSVirus) C:\Users\cOrnA\Desktop\UsbFix_9.038.exe
2017-03-29 19:45 - 2017-03-29 19:45 - 00000000 ____D C:\rsit
2017-03-29 19:45 - 2017-03-29 19:45 - 00000000 ____D C:\Program Files\trend micro
2017-03-29 19:23 - 2017-04-02 14:57 - 00000000 ____D C:\FRST
2017-03-29 18:24 - 2017-03-29 18:25 - 00000000 ____D C:\Users\cOrnA\Desktop\tomahawk
2017-03-29 14:23 - 2012-02-17 08:38 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-03-29 14:23 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-03-29 14:23 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-03-29 14:23 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2017-03-29 14:23 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2017-03-28 21:28 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2017-03-28 21:28 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2017-03-28 21:28 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-03-28 21:28 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-03-28 21:28 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2017-03-28 21:28 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2017-03-28 21:28 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2017-03-28 21:28 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2017-03-28 15:13 - 2017-04-02 14:39 - 00000000 ____D C:\Windows\System32\Tasks\Úlohy prohlížeče událostí
2017-03-28 09:24 - 2017-03-28 09:24 - 00007605 _____ C:\Users\cOrnA\AppData\Local\Resmon.ResmonCfg
2017-03-28 07:48 - 2017-03-28 07:57 - 00000000 ____D C:\Users\cOrnA\AppData\Local\Google
2017-03-28 07:48 - 2017-03-28 07:48 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-28 07:48 - 2017-03-28 07:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-28 07:47 - 2017-03-28 07:48 - 00000000 ____D C:\Users\cOrnA\AppData\Local\Deployment
2017-03-28 07:47 - 2017-03-28 07:47 - 00000000 ____D C:\Users\cOrnA\AppData\Local\Apps\2.0
2017-03-28 07:46 - 2017-03-28 07:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-03-28 07:46 - 2017-03-28 07:46 - 00000000 ____D C:\Users\cOrnA\Desktop\Certifikat KB(8.3 (copy).2017)
2017-03-28 07:06 - 2017-03-28 07:06 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-03-28 03:17 - 2017-03-28 03:17 - 00000000 ____D C:\Users\cOrnA\AppData\Local\CEF
2017-03-28 03:16 - 2017-04-02 12:02 - 00000000 ____D C:\Users\cOrnA\AppData\Local\PokerStars.CZ
2017-03-28 03:16 - 2017-03-31 01:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.CZ
2017-03-28 03:16 - 2017-03-28 03:16 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.cz.lnk
2017-03-28 03:16 - 2017-03-28 03:16 - 00000000 ____D C:\Program Files (x86)\PokerStars.CZ
2017-03-27 17:26 - 2017-03-27 16:32 - 00000000 ____D C:\Windows\Panther
2017-03-27 16:57 - 2017-03-31 11:43 - 00058688 _____ C:\Users\cOrnA\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-27 16:33 - 2017-03-27 16:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-03-27 16:32 - 2017-03-31 10:19 - 00000000 ____D C:\Users\cOrnA
2017-03-27 16:32 - 2017-03-27 16:32 - 00001447 _____ C:\Users\cOrnA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-03-27 16:32 - 2017-03-27 16:32 - 00001413 _____ C:\Users\cOrnA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-03-27 16:32 - 2017-03-27 16:32 - 00000020 ___SH C:\Users\cOrnA\ntuser.ini
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Public\Documents\Obrázky
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Public\Documents\Hudba
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Public\Documents\Filmy
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Šablony
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Soubory cookie
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Poslední
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Okolní tiskárny
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Okolní síť
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Nabídka Start
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Dokumenty
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Documents\Obrázky
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Documents\Hudba
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Documents\Filmy
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\Data aplikací
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default\AppData\Local\Data aplikací
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default User\Documents\Obrázky
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default User\Documents\Hudba
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default User\Documents\Filmy
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Data aplikací
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\Šablony
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\Soubory cookie
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\Poslední
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\Okolní tiskárny
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\Okolní síť
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\Nabídka Start
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\Dokumenty
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\Data aplikací
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 _SHDL C:\Users\cOrnA\AppData\Local\Data aplikací
2017-03-27 16:32 - 2017-03-27 16:32 - 00000000 ____D C:\Recovery3
2017-03-27 16:32 - 2010-11-21 11:38 - 00000000 ____D C:\Users\cOrnA\AppData\Roaming\Media Center Programs
2017-03-27 16:28 - 2017-03-27 16:28 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-03-27 16:28 - 2017-03-27 16:28 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-03-27 16:27 - 2017-03-27 16:27 - 00000000 _____ C:\Windows\system32\atiicdxx.dat
2017-03-27 16:27 - 2017-03-27 16:27 - 00000000 _____ C:\Windows\ativpsrm.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-02 14:54 - 2010-11-21 11:27 - 00668138 _____ C:\Windows\system32\perfh005.dat
2017-04-02 14:54 - 2010-11-21 11:27 - 00140798 _____ C:\Windows\system32\perfc005.dat
2017-04-02 14:54 - 2009-07-14 07:13 - 01582262 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-02 14:54 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-02 14:46 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-02 13:11 - 2009-07-14 06:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-02 13:11 - 2009-07-14 06:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-01 09:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-03-31 11:42 - 2009-07-14 06:45 - 00271408 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-31 11:29 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-03-31 01:02 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-31 01:01 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-03-31 01:01 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\addins
2017-03-31 01:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-03-31 01:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-03-31 01:01 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2017-03-31 01:01 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-31 01:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2017-03-31 01:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\security
2017-03-31 01:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2017-03-28 11:25 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-03-28 03:03 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2017-03-28 01:13 - 2010-11-21 11:38 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-03-28 01:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2017-03-27 17:26 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-03-27 16:32 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT
2017-03-27 16:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2017-03-27 16:27 - 2010-11-21 11:38 - 00000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2017-03-28 09:24 - 2017-03-28 09:24 - 0007605 _____ () C:\Users\cOrnA\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-27 17:43

==================== End of FRST.txt ============================

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 14:35
by Rudy
Hello!
Open Notepad and copy the following into it:
Start
C:\Program Files\Bonjour
HKLM-x32\...\RunOnce: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION

EmptyTemp:
End
Save it to C:\Users\cOrnA\Desktop\ViR as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 16:54
by Corn3r
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by cOrnA (02-04-2017 16:29:26) Run:3
Running from C:\Users\cOrnA\Desktop\ViR
Loaded Profiles: cOrnA (Available Profiles: cOrnA)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
C:\Program Files\Bonjour
HKLM-x32\...\RunOnce: [] => [X]
GroupPolicyScripts: Restriction <======= ATTENTION

EmptyTemp:
End
*****************

"C:\Program Files\Bonjour" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12728310 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 219496 B
Edge => 0 B
Chrome => 86136835 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 0 B
LocalService => 132244 B
NetworkService => 48766 B
cOrnA => 40183166 B

RecycleBin => 0 B
EmptyTemp: => 133.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 16:29:33 ====

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 17:22
by Rudy
Deleted, the log is now OK.

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 17:36
by Corn3r
I'm not sure; the disks are still running at 100%. Couldn't it be somewhere else?
[Image]

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 19:06
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Don't delete anything beforehand.

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 19:40
by Corn3r
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 02.04.17
Scan Time: 20:15
Log File: 1.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1647
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: uKrutnost-PC\cOrnA

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334571
Time Elapsed: 1 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP (Potentially Unwanted Program): Enabled
PUM (Potentially Unwanted Modification): Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 20:15
by Rudy
Malware-wise, the PC is completely clean.

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 20:56
by Corn3r
OK, and those quotas, could that be some kind of leftover? They can't be removed; I'll try to figure something out. Right now it seems to me the disk activity has died down... Thanks a lot for now.

Re: I connected the remaining HDDs and I'm not sure...

Posted: 02 Apr 2017 21:13
by Rudy
Maybe so.

Re: I connected the remaining HDDs and I'm not sure...

Posted: 03 Apr 2017 13:44
by Corn3r
Please have a look here too. The disk is still busy. Various authorization processes are working in the background and folder permissions are changing. I don't understand it much, but I have doubts.

############################## | UsbFix V 9.040 | [Clean]

User: cOrnA (Administrator) # UKRUTNOST-PC
Updated 02/04/2017 by SOSVirus
Started at 14:40:16 | 03/04/2017

Website : https://www.usb-antivirus.com/
Tutorial : https://www.usb-antivirus.com/tutorial/
Support : https://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

MB: ASUSTeK Computer INC. (P5Q)
CPU: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
RAM -> [Total : 4095 MB | Free : 2252 MB]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Google Chrome : 57.0.2987.110

################## | Security Information |

AV: Malwarebytes [Enabled |Updated]
AS: Malwarebytes [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 112 Gb (76 Gb free - 68%) [] # NTFS

################## | Generic Research |


################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
04 - [x64] HKLM\..\Run : [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
04 - [x64] HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[03/04/2017 - 14:19:12 | ASH | 3145000 KB] - C:\hiberfil.sys
[03/04/2017 - 14:19:14 | ASH | 4193336 KB] - C:\pagefile.sys
[02/04/2017 - 16:30:24 | D] - C:\Config.Msi
[29/03/2017 - 21:48:53 | A | 6 Ko] - C:\zoek-results.log
[03/04/2017 - 01:21:04 | N | 3 Ko] - C:\bootsqm.dat
[31/03/2017 - 01:01:22 | SHD] - C:\$RECYCLE.BIN
[14/07/2009 - 05:20:08 | D] - C:\PerfLogs
[14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
[27/03/2017 - 16:32:11 | D] - C:\Recovery3
[27/03/2017 - 16:32:15 | RD] - C:\Users
[29/03/2017 - 19:45:56 | D] - C:\rsit
[29/03/2017 - 20:14:59 | D] - C:\USB File Resc
[29/03/2017 - 21:40:50 | D] - C:\zoek_backup
[02/04/2017 - 15:56:23 | D] - C:\AdwCleaner
[02/04/2017 - 16:13:13 | RD] - C:\Program Files
[02/04/2017 - 19:14:59 | HD] - C:\ProgramData
[02/04/2017 - 21:42:49 | RD] - C:\Program Files (x86)
[03/04/2017 - 08:33:25 | D] - C:\Windows
[03/04/2017 - 08:33:35 | D] - C:\FRST
[03/04/2017 - 14:30:37 | D] - C:\UsbFix

Analysed in 14.46 seconds

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

Re: I connected the remaining HDDs and I'm not sure...

Posted: 03 Apr 2017 13:51
by Corn3r
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by cOrnA (03-04-2017 14:48:07)
Running from C:\Users\cOrnA\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2017-03-27 14:32:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1086005725-1489657867-4169034137-500 - Administrator - Disabled)
cOrnA (S-1-5-21-1086005725-1489657867-4169034137-1000 - Administrator - Enabled) => C:\Users\cOrnA
Guest (S-1-5-21-1086005725-1489657867-4169034137-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1086005725-1489657867-4169034137-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HP Support Solutions Framework (HKLM-x32\...\{83D9E6C0-5F20-49B4-9ACF-80A24A1A045D}) (Version: 12.5.32.203 - HP Inc.)
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
PokerStars.cz (HKLM-x32\...\PokerStars.cz) (Version: - PokerStars.cz)
Sony Mobile Xperia Flash Tool (HKLM-x32\...\Xperia Flash Tool) (Version: 2.16.17.201612091557 - Sony Mobile Communications Inc.)
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.5.2949 - Simply Super Software)
UsbFix (HKLM-x32\...\Usbfix) (Version: 9.001 - www.SOSVirus.Net)
WinDirStat 1.1.2 (HKU\S-1-5-21-1086005725-1489657867-4169034137-1000\...\WinDirStat) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {417129C8-0E15-47FF-928F-8EAB7455D693} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-06] (HP Inc.)
Task: {42DFD0F8-F9A9-4B79-8FB3-2947C97B9E09} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {8EDBBA76-007C-4B62-A0F0-850DF3C9DD08} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {C494A976-B04C-4385-BB86-31518EE5AE06} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-28 07:48 - 2017-03-16 06:11 - 02885464 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\libglesv2.dll
2017-03-28 07:48 - 2017-03-16 06:11 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.110\libegl.dll
2017-04-02 14:24 - 2017-04-02 14:24 - 01834048 _____ () C:\UsbFix\UsbFix.exe
2017-03-29 20:52 - 2017-03-24 04:09 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-29 20:52 - 2017-03-24 04:10 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [153]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-03-29 21:25 - 00000841 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1086005725-1489657867-4169034137-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\cOrnA\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A212D390-2A45-49B2-82A0-0DCEB8715884}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A2DCB775-ABF4-467F-B9DE-A572B1834FD4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68320B4F-4D63-4512-84B7-E6C98F7650EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6149B9A8-7A1E-4F04-9704-FEC09D792A4A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49E3EAF4-3F8A-4EFF-B236-141F67E9903C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8EB9E3EA-4D9C-463B-9EB1-339BE76F049F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{594A972A-39A4-4885-B33B-3395391658D2}] => (Allow) C:\Users\cOrnA\AppData\Local\Temp\7zS674B\HPDiagnosticCoreUI.exe
FirewallRules: [{AED4F750-3069-4265-893B-9449B3B2E800}] => (Allow) C:\Users\cOrnA\AppData\Local\Temp\7zS674B\HPDiagnosticCoreUI.exe
FirewallRules: [{888BE021-0A3F-4362-82B6-5362D38C32F3}] => (Allow) C:\Program Files (x86)\Sony Mobile\Xperia Flash Tool\Emma.exe
FirewallRules: [{F87D4288-B2D0-4D1B-850C-AD2335AB3F7B}] => (Allow) C:\Program Files (x86)\Sony Mobile\Xperia Flash Tool\Emma.exe

==================== Restore Points =========================

31-03-2017 01:00:31 Restore Operation
31-03-2017 10:03:53 Windows Backup
31-03-2017 10:07:14 Windows Backup
31-03-2017 10:09:44 Windows Backup
31-03-2017 10:14:37 Windows Backup
31-03-2017 11:18:59 Installed iTunes
31-03-2017 11:41:00 Installed HP Support Solutions Framework
31-03-2017 12:11:55 Installed Sony Mobile Drivers
31-03-2017 12:13:59 Installed Sony Mobile Drivers
01-04-2017 00:39:11 Windows Update
01-04-2017 06:42:30 Windows Update
02-04-2017 16:12:49 Removed Bonjour
02-04-2017 19:00:01 Windows Backup
03-04-2017 01:16:23 Windows Modules Installer

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2017 02:21:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/03/2017 08:13:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: dskquota.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf17
Exception code: 0xc0000005
Fault offset: 0x00000000000091fd
Faulting process id: 0x136c
Faulting application start time: 0x01d2ac4157b4c0dd
Faulting application path: C:\Windows\system32\DllHost.exe
Faulting module path: C:\Windows\System32\dskquota.dll
Report Id: 9647c726-1834-11e7-948b-00221503c6b5

Error: (04/03/2017 07:51:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/03/2017 01:23:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (04/03/2017 01:11:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SLIC_Toolkit.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7bafa
Exception code: 0x0eedfade
Fault offset: 0x0000b727
Faulting process id: 0x158
Faulting application start time: 0x01d2ac067f4df8fd
Faulting application path: C:\Users\cOrnA\Downloads\SLIC_Toolkit.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: be5175fc-17f9-11e7-ad01-00221503c6b5

Error: (04/02/2017 11:39:33 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F015
Partial Pkey=W6G3M
ACID=bd61de01-6b6a-4756-8103-2978e8c5c980
Detailed Error[?]

Error: (04/02/2017 11:35:34 PM) (Source: Software Protection Platform Service) (EventID: 1017) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004F015
Partial Pkey=W6G3M
ACID=bd61de01-6b6a-4756-8103-2978e8c5c980
Detailed Error[?]

Error: (04/02/2017 10:47:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SLIC_Toolkit.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x4000001e
Fault offset: 0x02722144
Faulting process id: 0x6a8
Faulting application start time: 0x01d2abf25d6966a6
Faulting application path: C:\Users\cOrnA\Downloads\SLIC_Toolkit.exe
Faulting module path: unknown
Report Id: 9c4d3930-17e5-11e7-ad01-00221503c6b5

Error: (04/02/2017 10:43:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SLIC_Toolkit.exe, version: 0.0.0.0, time stamp: 0x2a425e19
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x4000001e
Fault offset: 0x02692144
Faulting process id: 0xbd4
Faulting application start time: 0x01d2abf1b920a1c5
Faulting application path: C:\Users\cOrnA\Downloads\SLIC_Toolkit.exe
Faulting module path: unknown
Report Id: 0296a6d6-17e5-11e7-ad01-00221503c6b5

Error: (04/02/2017 07:34:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (04/03/2017 02:40:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 3 time(s).

Error: (04/03/2017 02:39:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (04/03/2017 02:39:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/03/2017 02:39:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/03/2017 02:37:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/03/2017 02:37:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/03/2017 02:37:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/03/2017 02:37:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/03/2017 02:37:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/03/2017 09:13:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\cOrnA\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.


CodeIntegrity:
===================================
Date: 2017-04-03 09:13:15.456
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\cOrnA\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-03 09:13:15.440
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\cOrnA\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-02 19:06:48.749
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\cOrnA\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-04-02 19:06:48.739
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\cOrnA\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 39%
Total physical RAM: 4095.05 MB
Available physical RAM: 2473.3 MB
Total Virtual: 8188.31 MB
Available Virtual: 6177.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:76.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 0002E9E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
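The Application-log entries in the Addition.txt above worth a second look are the WinMgmt Event ID 10 errors. The quoted WQL query (a Win32_Processor LoadPercentage filter that fails to reactivate with 0x80041003, WBEM_E_ACCESS_DENIED) is the documented leftover of the Windows 7 SP1 installation described in Microsoft KB 2545227 and is harmless by itself, but the mechanism behind it, a permanent WMI event subscription in root\subscription, is also a classic fileless persistence location that none of the scanners in this thread enumerates. The script below is an added example, not part of the thread or of FRST, UsbFix or Malwarebytes; it assumes an elevated PowerShell 2.0 or later on the machine being checked (Get-WmiObject rather than the newer Get-CimInstance, so it also runs on Windows 7) and lists every filter, consumer and binding so that the one named in the event can be matched against what is actually registered.

```powershell
# Added example (not from the thread): enumerate permanent WMI event subscriptions.
# Run in an elevated PowerShell. Uses Get-WmiObject so it works on Windows 7 / PS 2.0.
$ns = 'root\subscription'

Write-Host '== Event filters (the WQL query that triggers a subscription) =='
Get-WmiObject -Namespace $ns -Class __EventFilter |
    Select-Object Name, QueryLanguage, Query |
    Format-List

Write-Host '== Event consumers (what runs when a filter fires) =='
Get-WmiObject -Namespace $ns -Class __EventConsumer |
    ForEach-Object {
        $c = $_
        # CommandLineEventConsumer runs a command line, ActiveScriptEventConsumer runs
        # VBScript/JScript; those are the two consumer types that can execute attacker code.
        # NTEventLogEventConsumer (e.g. the SP1 leftover 'SCM Event Log Consumer') only logs.
        $payload = if ($c.CommandLineTemplate) { $c.CommandLineTemplate }
                   elseif ($c.ScriptText)      { $c.ScriptText }
                   else                        { '(no command line / script body)' }
        New-Object PSObject -Property @{
            Name    = $c.Name
            Type    = $c.__CLASS
            Payload = $payload
        }
    } | Format-List Name, Type, Payload

Write-Host '== Bindings (which filter drives which consumer) =='
Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding |
    Select-Object Filter, Consumer |
    Format-List
```

On a Windows 7 SP1 box that has never been tampered with, the expected result is one filter (BVTFilter, with exactly the query from the event), one NTEventLogEventConsumer and one binding between them; KB 2545227 ships a script that removes that trio and silences Event ID 10. A CommandLineEventConsumer or ActiveScriptEventConsumer bound to a filter on logon, process start or a timer is the thing to investigate, whatever the scanners say.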

Re: I connected the remaining HDDs and I'm not sure...

Posted: 03 Apr 2017 16:36
by Rudy
I don't see anything there. Which process is loading the disk the most?
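Rudy's question is the right one: a disk pegged at 100% on a machine that three scanners call clean is far more often a service, an indexing or backup job, or (given the DllHost/dskquota.dll crash and the earlier remark about quotas) NTFS quota tracking rebuilding its data, than an infection, and the answer comes from per-process I/O counters rather than from another scanner. The script below is an added example, not from the thread; it samples the per-process I/O performance counters for a few seconds and ranks processes by bytes read and written. It assumes the English counter names, which is an assumption that fails on a Czech Windows because Get-Counter takes localized names (use `(Get-Counter -ListSet *).CounterSetName` to find the local equivalent of "Process"), and the IO counters cover every I/O a process issues (disk, network, devices), so treat the ranking as a lead and confirm it on the Disk tab of Resource Monitor (resmon).

```powershell
# Added example (not from the thread): rank processes by I/O throughput over a short window.
# Save as e.g. Get-IoTop.ps1 (name is hypothetical) and run from an elevated PowerShell.
# Counter names below are the English ones; on a localized Windows replace them with
# the local names from Get-Counter -ListSet *.
param(
    [int]$Samples  = 5,    # number of samples to take
    [int]$Interval = 2,    # seconds between samples
    [int]$Top      = 10    # how many processes to print
)

$paths = @('\Process(*)\ID Process',
           '\Process(*)\IO Read Bytes/sec',
           '\Process(*)\IO Write Bytes/sec')

$data = Get-Counter -Counter $paths -SampleInterval $Interval -MaxSamples $Samples

# Sum the per-sample rates for every process instance (chrome, chrome#1, ...).
$totals = @{}
foreach ($set in $data) {
    foreach ($s in $set.CounterSamples) {
        $inst = $s.InstanceName
        if ($inst -eq '_total' -or $inst -eq 'idle') { continue }
        if (-not $totals.ContainsKey($inst)) {
            $totals[$inst] = @{ ProcessId = 0; Read = 0.0; Write = 0.0 }
        }
        switch -Wildcard ($s.Path) {
            '*\id process'         { $totals[$inst].ProcessId = [int]$s.CookedValue }
            '*\io read bytes/sec'  { $totals[$inst].Read      += $s.CookedValue }
            '*\io write bytes/sec' { $totals[$inst].Write     += $s.CookedValue }
        }
    }
}

# Average over the sample window, convert to MB/s and print the heaviest processes first.
$totals.GetEnumerator() | ForEach-Object {
    $t = $_.Value
    New-Object PSObject -Property @{
        Process     = $_.Key
        ProcessId   = $t.ProcessId
        'ReadMB/s'  = [math]::Round($t.Read  / $Samples / 1MB, 2)
        'WriteMB/s' = [math]::Round($t.Write / $Samples / 1MB, 2)
    }
} | Sort-Object { $_.'ReadMB/s' + $_.'WriteMB/s' } -Descending |
    Select-Object -First $Top Process, ProcessId, 'ReadMB/s', 'WriteMB/s' |
    Format-Table -AutoSize
```

If the top entry is svchost.exe, the PID is what you need next: `tasklist /svc /fi "PID eq <pid>"` shows which services share that host. For the quota angle specifically, `fsutil quota query C:` (repeated for each drive letter, including the newly attached disks) shows whether quota tracking is enabled on a volume; enabling it makes NTFS scan the whole volume to build its quota records, which by itself keeps a disk busy for a while.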