Prosím o kontrolu - pomalý start PC Vyřešeno

[naro]

ComboFix 17-02-24.01 - Blaster 10.03.2017 11:39:23.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.7371.5545 [GMT 1:00]
Spuštěný z: c:\users\Blaster\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
SP: Avira Antivirus *Disabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\WindowsGABRIOLA.tt2
D:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-02-10 do 2017-03-10 )))))))))))))))))))))))))))))))
.
.
2017-03-10 10:52 . 2017-03-10 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-09 15:10 . 2017-03-09 15:10 -------- d-----w- C:\zoek
2017-03-09 13:19 . 2017-03-10 10:28 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-03-09 13:18 . 2017-03-09 13:18 -------- d-----w- c:\users\Blaster\AppData\Local\Zemana
2017-03-07 09:03 . 2017-03-07 09:03 -------- d-----w- c:\program files\Common Files\DESIGNER
2017-03-07 08:44 . 2016-08-08 13:31 1852112 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
2017-03-05 20:34 . 2017-03-09 13:13 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-03-05 20:19 . 2017-03-05 21:14 -------- d-----w- c:\programdata\RogueKiller
2017-03-05 20:15 . 2017-03-05 20:15 -------- d-----w- c:\programdata\Sophos
2017-03-03 19:22 . 2017-03-03 19:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{937B8BC7-F49E-42A4-AD20-C231E9DEDA03}\offreg.3464.dll
2017-03-03 18:20 . 2017-03-05 19:45 -------- d-----w- C:\AdwCleaner
2017-02-24 17:02 . 2017-02-24 17:02 -------- d-----w- C:\Windows Server 2016 DataCenter Nano VHD
2017-02-24 12:56 . 2016-09-30 00:11 69104 ----a-w- c:\windows\system32\vsocklib.dll
2017-02-24 12:56 . 2016-09-30 00:11 65008 ----a-w- c:\windows\SysWow64\vsocklib.dll
2017-02-24 12:56 . 2016-09-30 00:11 93248 ----a-w- c:\windows\system32\drivers\vsock.sys
2017-02-24 12:56 . 2016-11-11 22:16 88128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2017-02-24 12:56 . 2016-11-11 22:22 366664 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2017-02-24 12:56 . 2016-11-11 22:22 400968 ----a-w- c:\windows\SysWow64\vmnat.exe
2017-02-24 12:56 . 2016-11-11 22:05 66624 ----a-w- c:\windows\system32\vnetinst.dll
2017-02-24 12:56 . 2016-11-11 22:05 44096 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2017-02-24 12:56 . 2016-11-11 22:05 45632 ----a-w- c:\windows\system32\drivers\vmnet.sys
2017-02-24 12:56 . 2016-11-11 22:21 1148488 ----a-w- c:\windows\system32\vnetlib64.dll
2017-02-24 12:56 . 2016-09-06 17:48 83008 ----a-w- c:\windows\system32\drivers\hcmon.sys
2017-02-24 12:55 . 2017-02-24 12:55 -------- d-----w- c:\program files (x86)\Common Files\ThinPrint
2017-02-24 12:55 . 2017-02-24 12:55 -------- d-----w- c:\program files\Common Files\VMware
2017-02-24 12:54 . 2017-02-24 12:55 -------- d-----w- c:\program files (x86)\Common Files\VMware
2017-02-23 16:27 . 2017-03-10 10:28 -------- d-----w- c:\users\Blaster\AppData\Roaming\Smart PC Solutions
2017-02-19 13:22 . 2017-02-19 13:22 30976 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-02-19 13:12 . 2017-02-19 13:12 639728 ----a-w- c:\windows\system32\msvcp140.dll
2017-02-19 13:12 . 2017-02-19 13:12 334616 ----a-w- c:\windows\system32\concrt140.dll
2017-02-19 13:12 . 2017-02-19 13:12 244504 ----a-w- c:\windows\SysWow64\concrt140.dll
2017-02-19 13:11 . 2017-02-19 13:11 458016 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-02-19 13:11 . 2017-02-19 13:11 89328 ----a-w- c:\windows\system32\vcruntime140.dll
2017-02-19 13:11 . 2017-02-19 13:11 443632 ----a-w- c:\windows\SysWow64\msvcp140.dll
2017-02-19 13:10 . 2017-02-19 13:10 85744 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2017-02-19 13:09 . 2017-02-19 13:09 394504 ----a-w- c:\windows\system32\vccorlib140.dll
2017-02-19 13:09 . 2017-02-19 13:09 271104 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2017-02-19 12:53 . 2017-02-19 12:53 259792 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-02-11 16:20 . 2017-02-11 17:55 -------- d-----w- c:\users\Blaster\AppData\Roaming\tor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-10 09:01 . 2015-08-17 17:21 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-03-02 23:18 . 2016-10-06 11:51 51248 ----a-w- c:\windows\system32\drivers\avusbflt.sys
2017-03-02 23:18 . 2015-08-18 08:59 78600 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2017-03-02 23:18 . 2015-08-18 08:59 35328 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2017-03-02 23:18 . 2015-08-18 08:59 176968 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2017-03-02 23:18 . 2015-08-18 08:59 148104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2017-02-20 00:47 . 2015-08-18 08:49 4510400 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-02-15 11:52 . 2015-08-18 15:05 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-15 11:52 . 2015-08-18 15:05 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-23 10:27 . 2016-11-16 11:19 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-01-07 10:16 . 2012-07-17 12:37 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-12-25 19:24 . 2015-11-26 13:11 6656 ----a-w- c:\windows\system32\lpcio.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-19 19:44 1632048 ----a-w- c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-19 19:44 1632048 ----a-w- c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-19 19:44 1632048 ----a-w- c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-12-29 61896]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2017-03-02 909744]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2015-10-23 708496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FileZillaServer;FileZillaServer;c:\xampp\filezillaftp\filezillaserver.exe;c:\xampp\filezillaftp\filezillaserver.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Tomcat7;Apache Tomcat Tomcat7;c:\xampp\tomcat\bin\tomcat7.exe;c:\xampp\tomcat\bin\tomcat7.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys;c:\windows\SYSNATIVE\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys;c:\windows\SYSNATIVE\Drivers\HPub4DE3.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - ESProtectionDriver
.
Obsah adresáře 'Naplánované úlohy'
.
2017-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18 11:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-19 21:54 2326320 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-19 21:54 2326320 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-19 21:54 2326320 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.upce.cz/CACHE/stc/4/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Blaster\AppData\Roaming\Mozilla\Firefox\Profiles\0jawrvp4.default\
.
.
------- Asociace souborů -------
.
.txt=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-SOS_Agent - c:\program files (x86)\Steganos Online Shield\OnlineShieldClient.exe
Wow6432Node-HKU-Default-Run-SOS Browser Monitor - c:\program files (x86)\Steganos Online Shield\SteganosBrowserMonitor.exe
SafeBoot-MBAMService
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{74d0e5db-b326-4dae-a6b2-445b9de1836e} - c:\programdata\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{845380e2-f0b5-4584-bc40-cc54345b3c06} - c:\programdata\Package Cache\{845380e2-f0b5-4584-bc40-cc54345b3c06}\Avira.OE.Setup.Bundle.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{cf9e81f7-4c03-403e-92b1-93d18aa8c3a4} - c:\programdata\Package Cache\{cf9e81f7-4c03-403e-92b1-93d18aa8c3a4}\wdexpress_full.exe
AddRemove-{e46eca4f-393b-40df-9f49-076faf788d83} - c:\programdata\Package Cache\{e46eca4f-393b-40df-9f49-076faf788d83}\VC_redist.x64.exe
AddRemove-{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4} - c:\programdata\Package Cache\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}\sdksetup.exe
AddRemove-UnityWebPlayer - c:\users\Blaster\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2017-03-10 11:55:02
ComboFix-quarantined-files.txt 2017-03-10 10:55
.
Před spuštěním: Volných bajtů: 162 620 493 824
Po spuštění: Volných bajtů: 161 766 121 472
.
- - End Of File - - BC41FA6DF46D3C470A82F06B90D80064
A36C5E4F47E84449FF07ED3517B43A31

[Reklama]

[naro]

Zoek běžel přes 5 hodin, je to běžné, že to trvá tak dlouho?

[jaro3]

Někdy trvá i déle.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_221.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[naro]

ComboFix 17-02-24.01 - Blaster 11.03.2017 11:27:26.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1033.18.7371.5656 [GMT 1:00]
Spuštěný z: c:\users\Blaster\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Blaster\Desktop\CFScript.txt
AV: Avira Antivirus *Disabled/Updated* {B3F630BD-538D-1B4A-14FA-14B63235278F}
SP: Avira Antivirus *Disabled/Updated* {0897D159-75B7-14C4-2E4A-2FC449B26D32}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2017-02-11 do 2017-03-11 )))))))))))))))))))))))))))))))
.
.
2017-03-11 10:40 . 2017-03-11 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-03-09 15:10 . 2017-03-09 15:10 -------- d-----w- C:\zoek
2017-03-09 13:19 . 2017-03-10 11:58 -------- d-----w- c:\program files (x86)\Zemana AntiMalware
2017-03-09 13:18 . 2017-03-09 13:18 -------- d-----w- c:\users\Blaster\AppData\Local\Zemana
2017-03-07 09:03 . 2017-03-07 09:03 -------- d-----w- c:\program files\Common Files\DESIGNER
2017-03-07 08:44 . 2016-08-08 13:31 1852112 ----a-w- c:\program files\Common Files\Microsoft Shared\ClickToRun\ClientTelemetry.dll
2017-03-05 20:34 . 2017-03-09 13:13 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-03-05 20:19 . 2017-03-05 21:14 -------- d-----w- c:\programdata\RogueKiller
2017-03-05 20:15 . 2017-03-05 20:15 -------- d-----w- c:\programdata\Sophos
2017-03-03 19:22 . 2017-03-03 19:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{937B8BC7-F49E-42A4-AD20-C231E9DEDA03}\offreg.3464.dll
2017-03-03 18:20 . 2017-03-05 19:45 -------- d-----w- C:\AdwCleaner
2017-02-24 17:02 . 2017-02-24 17:02 -------- d-----w- C:\Windows Server 2016 DataCenter Nano VHD
2017-02-24 12:56 . 2016-09-30 00:11 69104 ----a-w- c:\windows\system32\vsocklib.dll
2017-02-24 12:56 . 2016-09-30 00:11 65008 ----a-w- c:\windows\SysWow64\vsocklib.dll
2017-02-24 12:56 . 2016-09-30 00:11 93248 ----a-w- c:\windows\system32\drivers\vsock.sys
2017-02-24 12:56 . 2016-11-11 22:16 88128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2017-02-24 12:56 . 2016-11-11 22:22 366664 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2017-02-24 12:56 . 2016-11-11 22:22 400968 ----a-w- c:\windows\SysWow64\vmnat.exe
2017-02-24 12:56 . 2016-11-11 22:05 66624 ----a-w- c:\windows\system32\vnetinst.dll
2017-02-24 12:56 . 2016-11-11 22:05 44096 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2017-02-24 12:56 . 2016-11-11 22:05 45632 ----a-w- c:\windows\system32\drivers\vmnet.sys
2017-02-24 12:56 . 2016-11-11 22:21 1148488 ----a-w- c:\windows\system32\vnetlib64.dll
2017-02-24 12:56 . 2016-09-06 17:48 83008 ----a-w- c:\windows\system32\drivers\hcmon.sys
2017-02-24 12:55 . 2017-02-24 12:55 -------- d-----w- c:\program files (x86)\Common Files\ThinPrint
2017-02-24 12:55 . 2017-02-24 12:55 -------- d-----w- c:\program files\Common Files\VMware
2017-02-24 12:54 . 2017-02-24 12:55 -------- d-----w- c:\program files (x86)\Common Files\VMware
2017-02-23 16:27 . 2017-03-10 10:28 -------- d-----w- c:\users\Blaster\AppData\Roaming\Smart PC Solutions
2017-02-19 13:22 . 2017-02-19 13:22 30976 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-02-19 13:12 . 2017-02-19 13:12 639728 ----a-w- c:\windows\system32\msvcp140.dll
2017-02-19 13:12 . 2017-02-19 13:12 334616 ----a-w- c:\windows\system32\concrt140.dll
2017-02-19 13:12 . 2017-02-19 13:12 244504 ----a-w- c:\windows\SysWow64\concrt140.dll
2017-02-19 13:11 . 2017-02-19 13:11 458016 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-02-19 13:11 . 2017-02-19 13:11 89328 ----a-w- c:\windows\system32\vcruntime140.dll
2017-02-19 13:11 . 2017-02-19 13:11 443632 ----a-w- c:\windows\SysWow64\msvcp140.dll
2017-02-19 13:10 . 2017-02-19 13:10 85744 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2017-02-19 13:09 . 2017-02-19 13:09 394504 ----a-w- c:\windows\system32\vccorlib140.dll
2017-02-19 13:09 . 2017-02-19 13:09 271104 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2017-02-19 12:53 . 2017-02-19 12:53 259792 ----a-w- c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-02-11 16:20 . 2017-02-11 17:55 -------- d-----w- c:\users\Blaster\AppData\Roaming\tor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-03-11 09:56 . 2015-08-17 17:21 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-03-02 23:18 . 2016-10-06 11:51 51248 ----a-w- c:\windows\system32\drivers\avusbflt.sys
2017-03-02 23:18 . 2015-08-18 08:59 78600 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2017-03-02 23:18 . 2015-08-18 08:59 35328 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2017-03-02 23:18 . 2015-08-18 08:59 176968 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2017-03-02 23:18 . 2015-08-18 08:59 148104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2017-02-20 00:47 . 2015-08-18 08:49 4510400 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2017-02-15 11:52 . 2015-08-18 15:05 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-15 11:52 . 2015-08-18 15:05 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-23 10:27 . 2016-11-16 11:19 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2017-01-07 10:16 . 2012-07-17 12:37 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2016-12-25 19:24 . 2015-11-26 13:11 6656 ----a-w- c:\windows\system32\lpcio.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-05-05 17:06 1587272 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-19 19:44 1632048 ----a-w- c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-19 19:44 1632048 ----a-w- c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-19 19:44 1632048 ----a-w- c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-07-17 8418584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Avira SystrayStartTrigger"="c:\program files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe" [2016-12-29 61896]
"avgnt"="c:\program files (x86)\Avira\Antivirus\avgnt.exe" [2017-03-02 909744]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2015-10-23 708496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\Antivirus\avmailc7.exe;c:\program files (x86)\Avira\Antivirus\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\Antivirus\avwebg7.exe;c:\program files (x86)\Avira\Antivirus\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FileZillaServer;FileZillaServer;c:\xampp\filezillaftp\filezillaserver.exe;c:\xampp\filezillaftp\filezillaserver.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Tomcat7;Apache Tomcat Tomcat7;c:\xampp\tomcat\bin\tomcat7.exe;c:\xampp\tomcat\bin\tomcat7.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;c:\windows\system32\DRIVERS\dtliteusbbus.sys;c:\windows\SYSNATIVE\DRIVERS\dtliteusbbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\Antivirus\sched.exe;c:\program files (x86)\Avira\Antivirus\sched.exe [x]
S2 Apache2.4;Apache2.4;c:\xampp\apache\bin\httpd.exe;c:\xampp\apache\bin\httpd.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ClickToRunSvc;Služba Microsoft Office ClickToRun;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 HPMo4DE3;Mouse Suite Driver_4DE3 (WDF Version);c:\windows\system32\DRIVERS\HPMo4DE3.sys;c:\windows\SYSNATIVE\DRIVERS\HPMo4DE3.sys [x]
S3 HPub4DE3;USB Mouse Low Filter Driver_4DE3 (WDF Version);c:\windows\system32\Drivers\HPub4DE3.sys;c:\windows\SYSNATIVE\Drivers\HPub4DE3.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2017-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18 11:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-05-05 17:06 1638992 ----a-w- c:\users\Blaster\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-19 21:54 2326320 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-19 21:54 2326320 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-19 21:54 2326320 ----a-w- c:\program files\Microsoft Office\root\Office16\GROOVEEX.DLL
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpn.upce.cz/CACHE/stc/4/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Blaster\AppData\Roaming\Mozilla\Firefox\Profiles\0jawrvp4.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{74d0e5db-b326-4dae-a6b2-445b9de1836e} - c:\programdata\Package Cache\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\VC_redist.x86.exe
AddRemove-{7f51bdb9-ee21-49ee-94d6-90afc321780e} - c:\programdata\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe
AddRemove-{845380e2-f0b5-4584-bc40-cc54345b3c06} - c:\programdata\Package Cache\{845380e2-f0b5-4584-bc40-cc54345b3c06}\Avira.OE.Setup.Bundle.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-{cf9e81f7-4c03-403e-92b1-93d18aa8c3a4} - c:\programdata\Package Cache\{cf9e81f7-4c03-403e-92b1-93d18aa8c3a4}\wdexpress_full.exe
AddRemove-{e46eca4f-393b-40df-9f49-076faf788d83} - c:\programdata\Package Cache\{e46eca4f-393b-40df-9f49-076faf788d83}\VC_redist.x64.exe
AddRemove-{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4} - c:\programdata\Package Cache\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}\sdksetup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_221_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2017-03-11 11:42:50
ComboFix-quarantined-files.txt 2017-03-11 10:42
ComboFix2.txt 2017-03-10 10:55
.
Před spuštěním: Volných bajtů: 160 851 312 640
Po spuštění: Volných bajtů: 162 277 548 032
.
- - End Of File - - E2E0273FE855F8862EB7CC8515417DF6
A36C5E4F47E84449FF07ED3517B43A31

[naro]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:47:47, on 11.3.2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Users\Blaster\Downloads\aswmbr.exe
C:\Users\Blaster\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} (Cisco AnyConnect Secure Mobility Client Web Control) - https://vpn.upce.cz/CACHE/stc/4/binaries/vpnweb.cab
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Apache2.4 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZillaServer - FileZilla Project - C:\xampp\filezillaftp\filezillaserver.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: Apache Tomcat Tomcat7 (Tomcat7) - Apache Software Foundation - C:\xampp\tomcat\bin\tomcat7.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\SysWOW64\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\SysWOW64\vmnat.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11089 bytes

[naro]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2017-03-11 11:45:55
-----------------------------
11:45:55.746 OS Version: Windows x64 6.1.7601 Service Pack 1
11:45:55.746 Number of processors: 4 586 0x1001
11:45:55.746 ComputerName: BLASTER-PC UserName: Blaster
11:45:57.017 Initialize success
11:45:57.087 VM: initialized successfully
11:45:57.087 VM: Amd CPU supported
11:46:33.308 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000074
11:46:33.308 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 238475MB BusType: 11
11:46:33.308 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000075
11:46:33.324 Disk 1 Vendor: ST1000DM CC45 Size: 953869MB BusType: 11
11:46:33.448 Disk 1 MBR read successfully
11:46:33.464 Disk 1 MBR scan
11:46:33.464 Disk 1 Windows 7 default MBR code
11:46:33.464 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:46:33.480 Disk 1 Boot: NTFS code=2
11:46:33.495 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 499899 MB offset 206848
11:46:33.495 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 453868 MB offset 1024000000
11:46:33.526 Disk 1 scanning C:\Windows\system32\drivers
11:46:40.732 Service scanning
11:46:56.086 Modules scanning
11:46:56.097 Disk 1 trace - called modules:
11:46:56.129 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
11:46:56.144 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007d8f060]
11:46:56.144 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8007af0ac0]
11:46:56.144 5 amd_xata.sys[fffff88001125d00] -> nt!IofCallDriver -> \Device\00000075[0xfffffa8007aee8b0]
11:46:56.144 Disk 1 statistics 90068/0/0 @ 6,38 MB/s
11:46:56.163 Scan finished successfully
11:48:46.694 Disk 1 MBR has been saved successfully to "C:\Users\Blaster\Downloads\MBR.dat"
11:48:46.694 The log file has been saved successfully to "C:\Users\Blaster\Downloads\aswMBR.txt"

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem

Stáhni si OTC

na plochu. Poklepej na něj. Potom klikni na Clean up!.
Restartuj PC , pokud Ti bude doporučeno.

c:\users\Blaster\AppData\Roaming\tor --- tuto složku smaž!

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore)
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem.Jinak je zpráva zde:
v C: \ DelFix.txt

Co problémy?

[naro]

# DelFix v1.013 - Logfile created 12/03/2017 at 13:47:46
# Updated 17/04/2016 by Xplode
# Username : Blaster - BLASTER-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\Blaster\Downloads\adwcleaner_6.044 (1).exe
Deleted : C:\Users\Blaster\Downloads\adwcleaner_6.044.exe
Deleted : C:\Users\Blaster\Downloads\JRT.exe
Deleted : C:\Users\Blaster\Downloads\HijackThis.exe
Deleted : C:\Users\Blaster\Downloads\hijackthis.log
Deleted : C:\Users\Blaster\Downloads\MBR.dat
Deleted : C:\Users\Blaster\Downloads\OTC.exe
Deleted : C:\Users\Blaster\Downloads\RogueKillerX64 (1).exe
Deleted : C:\Users\Blaster\Downloads\RogueKillerX64.exe
Deleted : C:\Users\Blaster\Downloads\TFC.exe
Deleted : C:\Users\Blaster\Downloads\zoek (1).exe
Deleted : C:\Users\Blaster\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Cleaning system restore ...

Deleted : RP #126 [ComboFix created restore point | 03/12/2017 12:45:18]

New restore point created !

########## - EOF - ##########




Asi je to lepší, nicméně pořád se mi nezdá, že rychlost odpovídá 8 GB RAM a 3.8 GHz ctyrjadru. Nemůže mi to zpomalovat starý disk? Systém mám na relativně novém a na tom starém (cca 8 let) mám jen dokumenty

[jaro3]

Stáhni si Memtest:

Políčko , ve kterém je napsáno:
All unused RAM -ponech , jak je.
-dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.
V případě vyšších kapacit RAM je třeba Memtest spustit několikrát , pro 2GB ( jednotlivá největší kapacita RAM) 2x , pro 4GB 3x , pro 8Gb 4x ap.

Ještě zkontrolovat HDD na chyby ,popř. zkusit jeho defragmentaci ..


Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

[naro]

Memtest - 0 errors.



----------------------------------------------------------------------------
CrystalDiskInfo 7.0.5 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Ultimate SP1 [6.1 Build 7601] (x64)
Date : 2017/03/13 16:04:02

-- Controller Map ----------------------------------------------------------
+ AMD SATA Controller [ATA]
- SAMSUNG HD253GJ SATA Disk Device
- ST1000DM 003-1ER162 SATA Disk Device

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD253GJ : 250,0 GB [0/0/0, pd1]
(2) ST1000DM003-1ER162 : 1000,2 GB [1/0/0, pd1] - st

----------------------------------------------------------------------------
(1) SAMSUNG HD253GJ
----------------------------------------------------------------------------
Model : SAMSUNG HD253GJ
Firmware : 1AJ10001
Serial Number : S24JJ90Z524717
Disk Size : 250,0 GB (8,4/137,4/250,0/250,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 488397168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : ---- | SATA/300
Power On Hours : 15561 hod.
Power On Count : 6703 krát
Temperature : 29 C (84 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]
Drive Letter : E: F: G:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 00000000000B Počet chyb čtení
02 _55 _55 __0 000000000845 Průchodnost disku
03 _83 _83 _25 000000001435 Čas na roztočení ploten
04 _91 _91 __0 0000000023E8 Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000003CC9 Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C _94 _94 __0 000000001A2F Počet cyklů zapnutí zařízení
BF 100 100 __0 00000000000E Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _56 __0 002D0012001D Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 _95 _95 __0 000000000A65 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000079 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 00000000242B Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 344A 4A39 305A 3532 3437 3137 2020 2020 2020
020: 0000 8000 0050 3141 4A31 3030 3031 5341 4D53 554E
030: 4720 4844 3235 3347 4A20 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1706 0000 004C 0044
080: 01FF 0028 746B 7F69 4123 7469 BC41 4123 407F 0013
090: 0013 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 5970 1D1C 0000 0000 0000 0000 4000 0000 5002 4E92
110: 0287 1C5E 0000 0000 0000 0000 0000 0000 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 101F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 C7A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 0B 00 00 00 00 00 00 02 26
010: 00 37 37 45 08 00 00 00 00 00 03 23 00 53 53 35
020: 14 00 00 00 00 00 04 32 00 5B 5B E8 23 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 C9 3C 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0B 32
070: 00 FC FC 00 00 00 00 00 00 00 0C 32 00 5E 5E 2F
080: 1A 00 00 00 00 00 BF 22 00 64 64 0E 00 00 00 00
090: 00 00 C0 22 00 FC FC 00 00 00 00 00 00 00 C2 02
0A0: 00 40 38 1D 00 12 00 2D 00 00 C3 3A 00 64 64 00
0B0: 00 00 00 00 00 00 C4 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C5 32 00 FC FC 00 00 00 00 00 00 00 C6 30
0D0: 00 FC FC 00 00 00 00 00 00 00 C7 36 00 5F 5F 65
0E0: 0A 00 00 00 00 00 C8 2A 00 64 64 79 00 00 00 00
0F0: 00 00 DF 32 00 FC FC 00 00 00 00 00 00 00 E1 32
100: 00 64 64 2B 24 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 E8 08 00 5B
170: 03 00 01 00 02 26 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0B 00
070: 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 00 00
080: 00 00 00 00 00 00 BF 00 00 00 00 00 00 00 00 00
090: 00 00 C0 00 00 00 00 00 00 00 00 00 00 00 C2 00
0A0: 00 00 00 00 00 00 00 00 00 00 C3 00 00 00 00 00
0B0: 00 00 00 00 00 00 C4 00 00 00 00 00 00 00 00 00
0C0: 00 00 C5 00 00 00 00 00 00 00 00 00 00 00 C6 00
0D0: 00 00 00 00 00 00 00 00 00 00 C7 00 00 00 00 00
0E0: 00 00 00 00 00 00 C8 00 00 00 00 00 00 00 00 00
0F0: 00 00 DF 00 00 00 00 00 00 00 00 00 00 00 E1 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 3B

----------------------------------------------------------------------------
(2) ST1000DM003-1ER162
----------------------------------------------------------------------------
Model : ST1000DM003-1ER162
Firmware : CC45
Serial Number : Z4Y79GEW
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 3623 hod.
Power On Count : 2200 krát
Temperature : 34 C (93 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 115 _99 __6 000005121010 Počet chyb čtení
03 _97 _97 __0 000000000000 Čas na roztočení ploten
04 _98 _98 _20 00000000089C Počet spuštění/zastavení
05 100 100 _10 000000000000 Počet přemapovaných sektorů
07 _83 _60 _30 00010D178AFF Počet chybných hledání
09 _96 _96 __0 000000000E27 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _98 _98 _20 000000000898 Počet cyklů zapnutí zařízení
B7 100 100 __0 000000000000 Specifický pro výrobce
B8 100 100 _99 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 _99 __0 000000000003 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _66 _57 _45 0000221C0022 Teplota toku vzduchu
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000000F Počet vypnutí disku
C1 _99 _99 __0 000000000CAB Počet cyklů načítání/vymazání
C2 _34 _43 __0 001300000022 Teplota
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000001 Počet chyb v kontrolním součtu UltraDMA
F0 100 253 __0 81A400000EBB Čas nastavování hlaviček - v hodinách
F1 100 253 __0 000470F56C99 Total Host Writes
F2 100 253 __0 00AA9B3A5D67 Total Host Reads

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2020 5A34 5937 3947 4557
020: 0000 0000 0004 4343 3435 2020 2020 5354 3130 3030
030: 444D 3030 332D 3145 5231 3632 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 5110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 850E 0006 00CC 0044
080: 03F0 001F 346B 7D69 4163 3469 BC49 4163 407F 0031
090: 0031 8080 FFFE 0000 D0D0 0000 0000 0000 0000 0000
100: 6DB0 7470 0000 0000 0000 0000 6003 0000 5000 C500
110: 7B35 A6F9 0000 0000 0000 0000 0000 0000 0000 405E
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 6DB0
130: 7470 6DB0 7470 2020 0002 0140 0100 5000 3C06 3C0A
140: 0000 003C 0000 0008 0000 0000 05FF 0280 0000 0000
150: 0008 0000 0000 0000 0000 8000 0000 0000 5800 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 1085 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 107E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0007 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 0BA5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 0F 00 73 63 10 10 12 05 00 00 00 03 03
010: 00 61 61 00 00 00 00 00 00 00 04 32 00 62 62 9C
020: 08 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 0F 00 53 3C FF 8A 17 0D 01 00 00 09 32
040: 00 60 60 27 0E 00 00 00 00 00 0A 13 00 64 64 00
050: 00 00 00 00 00 00 0C 32 00 62 62 98 08 00 00 00
060: 00 00 B7 32 00 64 64 00 00 00 00 00 00 00 B8 32
070: 00 64 64 00 00 00 00 00 00 00 BB 32 00 64 64 00
080: 00 00 00 00 00 00 BC 32 00 64 63 03 00 00 00 00
090: 00 00 BD 3A 00 64 64 00 00 00 00 00 00 00 BE 22
0A0: 00 42 39 22 00 1C 22 00 00 00 BF 32 00 64 64 00
0B0: 00 00 00 00 00 00 C0 32 00 64 64 0F 00 00 00 00
0C0: 00 00 C1 32 00 63 63 AB 0C 00 00 00 00 00 C2 22
0D0: 00 22 2B 22 00 00 00 13 00 00 C5 12 00 64 64 00
0E0: 00 00 00 00 00 00 C6 10 00 64 64 00 00 00 00 00
0F0: 00 00 C7 3E 00 C8 C8 01 00 00 00 00 00 00 F0 00
100: 00 64 FD BB 0E 00 00 A4 81 2C F1 00 00 64 FD 99
110: 6C F5 70 04 00 00 F2 00 00 64 FD 67 5D 3A 9B AA
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 73
170: 03 00 01 00 01 67 02 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 04 03 03 03 03 03 03 03
190: 03 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 CC E4 6F E3 DC 0B 00 00
1B0: 00 00 00 00 01 00 36 6B 99 6C F5 70 04 00 00 00
1C0: 67 5D 3A 9B AA 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 AE 10 00 00 01 00 00 00
1E0: 00 00 00 00 F0 56 01 00 00 00 00 00 00 00 00 01
1F0: 00 00 00 00 00 00 00 00 00 00 14 18 00 00 00 76

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 01 00 01 06 00 00 00 00 00 00 00 00 00 00 03 00
010: 00 00 00 00 00 00 00 00 00 00 04 14 00 00 00 00
020: 00 00 00 00 00 00 05 0A 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 61 00 00 00 00
050: 00 00 00 00 00 00 0C 14 00 00 00 00 00 00 00 00
060: 00 00 B7 00 00 00 00 00 00 00 00 00 00 00 B8 63
070: 00 00 00 00 00 00 00 00 00 00 BB 00 00 00 00 00
080: 00 00 00 00 00 00 BC 00 00 00 00 00 00 00 00 00
090: 00 00 BD 00 00 00 00 00 00 00 00 00 00 00 BE 2D
0A0: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00
0B0: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00
0C0: 00 00 C1 00 00 00 00 00 00 00 00 00 00 00 C2 00
0D0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0E0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0F0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 F0 00
100: 00 00 00 00 00 00 00 00 00 00 F1 00 00 00 00 00
110: 00 00 00 00 00 00 F2 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD

[jerabina]

Zítra udělej prosím nový log pomocí CDI a dej nám ho sem, ať vidíme, jestli se nějaký údaj nemění příliš rychle.

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit Farbar Recovery Scan Tool (FRST)
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše. Prosím zkopíruj sem celý jejich obsah.

[naro]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Blaster (13-03-2017 18:42:27)
Running from C:\Users\Blaster\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-08-17 15:37:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-189607784-2882094461-4077407150-500 - Administrator - Disabled)
Blaster (S-1-5-21-189607784-2882094461-4077407150-1000 - Administrator - Enabled) => C:\Users\Blaster
Guest (S-1-5-21-189607784-2882094461-4077407150-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-189607784-2882094461-4077407150-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.154 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{845380e2-f0b5-4584-bc40-cc54345b3c06}) (Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.77.41287 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.12020 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.12020 - Cisco Systems, Inc.) Hidden
Command & Conquer Red Alert 2 (HKLM-x32\...\Red Alert 2) (Version: - )
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intellisense Lang Pack Mobile Extension SDK 10.0.10240.0 (x32 Version: 10.0.10240.0 - Microsoft Corporation) Hidden
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
JavaFX Scene Builder 2.0 (HKLM-x32\...\{B4665EB1-1F7A-44F5-AD07-C20A938E8BC2}) (Version: 2.0 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Mafia (HKLM-x32\...\{C72D7008-266D-4DD8-BF3C-296B736127F6}) (Version: 1.02 - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.7369.2118 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-189607784-2882094461-4077407150-1000\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2015 for Windows Desktop - ENU (HKLM-x32\...\{cf9e81f7-4c03-403e-92b1-93d18aa8c3a4}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 cs)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
Need For Speed Hot Pursuit 2 (HKLM-x32\...\{76F4DD9B-C246-4BE0-00B6-3DE9ABF72299}) (Version: - )
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7369.2118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7369.2118 - Microsoft Corporation) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.73909 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VMware Player (HKLM\...\{6D211A09-EB2A-4B83-ACCB-13B1BC12AF4E}) (Version: 12.5.2 - VMware, Inc.)
WinAppDeploy (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.9-1 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {203AE90D-E3BC-4617-ADFC-3BBCA96608D3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-20] (Microsoft Corporation)
Task: {20A8A3D8-51C0-46DB-BABC-FD3041A65DC5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-19] (Microsoft Corporation)
Task: {31DE8D29-080D-436B-AC9D-28067FA4CCB3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {3B06C288-D2C1-4059-8FF0-E5F6A785A663} - \{E0DA7D18-861E-47F3-B3CA-7FB21BBBDA03} -> No File <==== ATTENTION
Task: {654CF9E5-BDA8-4D34-B152-BC4F74E2903D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {6823B60B-A0AE-49D6-8308-E8B25469EB62} - System32\Tasks\{B19637B9-DFA9-4FE3-BE2F-72A4FB083540} => D:\lol.launcher.exe [2014-01-21] ()
Task: {A190D2BD-45A8-441A-9B1B-AB5E432EF533} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
Task: {B849E9D0-CDCD-453F-B32D-B453745A3764} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-19] (Microsoft Corporation)
Task: {BB86DAB9-6F87-46B8-B809-755009F879EE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-15] (Adobe Systems Incorporated)
Task: {BF9C3017-704F-4210-AAB6-869BA8AFF110} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-02-20] (Microsoft Corporation)
Task: {E4869FA4-4F11-492F-B3CE-4FC71FBA92AB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-02-20] (Microsoft Corporation)
Task: {EC6697B1-3023-42F4-A8C8-0210D2AE4295} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-10 16:07 - 2016-07-18 11:01 - 11738568 _____ () C:\xampp\mysql\bin\mysqld.exe
2017-02-07 15:51 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 15:51 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2015-08-24 18:59 - 2014-11-18 20:37 - 00244106 _____ () C:\Program Files\NetBeans 8.0.2\ide\modules\lib\extbrowser64.dll
2016-10-19 12:13 - 2017-03-07 10:00 - 04534984 _____ () C:\Program Files\Microsoft Office\root\Office16\gfx.dll
2016-05-12 11:45 - 2017-03-07 09:48 - 00309448 _____ () C:\Program Files\Microsoft Office\root\Office16\IEAWSDC.DLL
2015-10-23 09:15 - 2015-10-23 09:15 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-11-10 16:06 - 2016-06-15 11:26 - 00419328 _____ () C:\xampp\apache\bin\pcre.dll
2016-11-10 16:07 - 2016-07-20 19:44 - 00149504 _____ () C:\xampp\php\libpq.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-03-10 11:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-189607784-2882094461-4077407150-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Blaster\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.4.90 - 10.0.4.94
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: TortoiseSVN Monitor => C:\Program Files\TortoiseSVN\bin\TortoiseProc.exe /tray
MSCONFIG\startupreg: Travian Crop Tool => "C:\Program Files (x86)\Travian Crop Tool\TravianCropTool.exe" -startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8A9EEE55-A4BB-4120-B664-0FD6C0F9E194}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4A28EA0-79A4-4A8C-BF76-D434CEF561D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D21ACBDA-740E-4303-B784-FEFF290AAFE7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9BDAAF5A-39C3-47B1-8479-231FB06C9CEF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FCD00BD5-7D6F-4A85-8FC2-147DAFEA01EF}] => (Allow) LPort=2869
FirewallRules: [{652ED448-C865-4EA9-B968-575975053286}] => (Allow) LPort=1900
FirewallRules: [{D6E029B3-A691-46FC-AAD4-9EC93950DD05}] => (Allow) C:\Users\Blaster\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{12FF60CF-E8A6-45F3-BF72-323EE37924EA}] => (Allow) C:\Users\Blaster\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2A730BA9-653D-4750-BC62-64930D6DF40D}] => (Allow) C:\Users\Blaster\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{82056147-A3F0-4411-BB3A-8964AA40D328}] => (Allow) C:\Users\Blaster\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{866CCF9A-422A-4062-A002-0D3185F8BAC7}] => (Allow) C:\Users\Blaster\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BECC1385-11D3-4E6F-8F56-E3F103AED7DB}] => (Allow) C:\Users\Blaster\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{1D7A647E-9EC8-4158-9DC5-76DA6153851E}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{53C3E46B-108D-4CA2-81C7-B48EBFBA4718}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [{1F12E8B8-9E57-4722-9D92-309D9873677D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\WDExpress.exe
FirewallRules: [{25D376F6-8160-428E-852B-5D686722CD3F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AE1F8366-1E57-4B05-AA97-EAE58B1A194B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1DC6D61B-3FD7-4DDC-898D-228DE35FDC3E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{347F0950-CB46-4D97-AE0A-26BD7C1B948A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{65C44BAD-DF3F-421F-9F36-7B1A581E9416}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0594F13E-6D52-4A50-8616-83331B9C5181}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A7134B8B-4DA9-4D51-A18A-B8A134AAE460}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{ECE60BE5-617B-46BB-A741-A39FE577BC17}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{4770C637-1475-4D09-935F-B99B7D6E4FA4}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{3148551F-BCD1-4649-9730-2A65D45B9146}] => (Allow) D:\lol.launcher.exe
FirewallRules: [{38653936-264D-44B7-A78B-6BB708917E71}] => (Allow) D:\lol.launcher.exe
FirewallRules: [{FCAA6F67-963E-48F8-870B-E4C63D706681}] => (Allow) D:\RADS\system\rads_user_kernel.exe
FirewallRules: [{F2A10488-63F6-45A9-8D87-D60347BB3E08}] => (Allow) D:\RADS\system\rads_user_kernel.exe
FirewallRules: [{1E053B1D-EAD0-44BD-97C3-EAC1712C95DC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{B50FB36B-4355-496A-8361-A08AA2EB2C7B}C:\users\blaster\downloads\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe] => (Allow) C:\users\blaster\downloads\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe
FirewallRules: [UDP Query User{A346826B-8DF9-4ECE-9FA7-D6AE9001C5B8}C:\users\blaster\downloads\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe] => (Allow) C:\users\blaster\downloads\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe
FirewallRules: [TCP Query User{3CEF2AE5-7A5C-4A2A-836E-5D1A7E4EA0D2}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{72E86431-9755-4F6A-81AD-B4E0CC8AF0D5}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{79FC5CF1-A0F5-4197-B68A-BFA6BC06E7AC}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [UDP Query User{2D996B55-CE23-460F-A351-F2542BDF81E6}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [{70CA00EA-4EF1-40DF-B7F2-1C3051A6A16F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EFCDD5D4-6F10-4D11-BE60-22B40AD86C7D}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{FBF1DD93-A523-4F8F-9F84-2690E3AFD5AA}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{8DAD5590-97D2-4BB9-AB5F-F1DC31A696A5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BF380564-62AB-47F5-A71F-A112BE9E1FB5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{84C476F7-E817-4822-9016-94C80B577107}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{06A54C38-B894-4AC8-AC5D-C662049D0629}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

12-03-2017 13:47:54 End of disinfection

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2017 10:21:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro C:\Users\Blaster\Downloads\vcredist_arm.exe se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (03/09/2017 05:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 43.0.1.5828, časové razítko: 0x56723a12
Název chybujícího modulu: mozglue.dll, verze: 43.0.1.5828, časové razítko: 0x56722c0b
Kód výjimky: 0x80000003
Posun chyby: 0x0000ed63
ID chybujícího procesu: 0x1d40
Čas spuštění chybující aplikace: 0x01d298ef8e1b2aa4
Cesta k chybující aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
ID zprávy: e198d4b4-04e2-11e7-a0f3-005056c00008

Error: (03/09/2017 05:10:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 43.0.1.5828, časové razítko: 0x56723a12
Název chybujícího modulu: mozglue.dll, verze: 43.0.1.5828, časové razítko: 0x56722c0b
Kód výjimky: 0x80000003
Posun chyby: 0x0000ed63
ID chybujícího procesu: 0xd84
Čas spuštění chybující aplikace: 0x01d298ef7d8418f4
Cesta k chybující aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
ID zprávy: d9d0cafc-04e2-11e7-a0f3-005056c00008

Error: (03/09/2017 01:02:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: assistant.exe, verze: 3.0.0.912, časové razítko: 0x58811c1b
Název chybujícího modulu: Qt5Core.dll, verze: 5.6.2.0, časové razítko: 0x5849a177
Kód výjimky: 0xc0000005
Posun chyby: 0x001948c7
ID chybujícího procesu: 0x1204
Čas spuštění chybující aplikace: 0x01d298cd06395328
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: 534c1c0b-04c0-11e7-a0f3-005056c00008

Error: (03/09/2017 01:02:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: assistant.exe, verze: 3.0.0.912, časové razítko: 0x58811c1b
Název chybujícího modulu: Qt5Core.dll, verze: 5.6.2.0, časové razítko: 0x5849a177
Kód výjimky: 0xc0000005
Posun chyby: 0x00171473
ID chybujícího procesu: 0x1204
Čas spuštění chybující aplikace: 0x01d298cd06395328
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID zprávy: 51e9eecb-04c0-11e7-a0f3-005056c00008

Error: (03/08/2017 01:36:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.1.0.415, časové razítko: 0x5881b7a1
Název chybujícího modulu: arwlib.dll, verze: 3.0.0.390, časové razítko: 0x58af57f8
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000070b94
ID chybujícího procesu: 0xe20
Čas spuštění chybující aplikace: 0x01d298067129ed0f
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
ID zprávy: e2f8902c-03fb-11e7-84f9-005056c00008

Error: (03/07/2017 05:08:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 43.0.1.5828, časové razítko: 0x56723a12
Název chybujícího modulu: mozglue.dll, verze: 43.0.1.5828, časové razítko: 0x56722c0b
Kód výjimky: 0x80000003
Posun chyby: 0x0000ed63
ID chybujícího procesu: 0x1444
Čas spuštění chybující aplikace: 0x01d2975c374ccb8a
Cesta k chybující aplikaci: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Cesta k chybujícímu modulu: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
ID zprávy: 5ec585d0-0350-11e7-8146-005056c00008

Error: (03/06/2017 09:06:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamservice.exe, verze: 3.1.0.415, časové razítko: 0x5881b7a1
Název chybujícího modulu: arwlib.dll, verze: 3.0.0.390, časové razítko: 0x58af57f8
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000070b94
ID chybujícího procesu: 0xebc
Čas spuštění chybující aplikace: 0x01d2964ddc94ef53
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Cesta k chybujícímu modulu: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
ID zprávy: db8f111a-0243-11e7-a477-005056c00008

Error: (03/03/2017 11:56:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: rads_user_kernel.exe, verze: 0.0.0.0, časové razítko: 0x4e65c1ac
Název chybujícího modulu: rads_user_kernel.exe, verze: 0.0.0.0, časové razítko: 0x4e65c1ac
Kód výjimky: 0xc0000005
Posun chyby: 0x000b8554
ID chybujícího procesu: 0x15e4
Čas spuštění chybující aplikace: 0x01d2940cb7649829
Cesta k chybující aplikaci: D:\RADS\system\rads_user_kernel.exe
Cesta k chybujícímu modulu: D:\RADS\system\rads_user_kernel.exe
ID zprávy: 07812f2e-0000-11e7-97d2-005056c00008

Error: (02/25/2017 04:28:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program PSPad.exe verze 4.6.1.2716 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1ab8

Čas spuštění: 01d28f5a444d80dd

Čas ukončení: 5

Cesta k aplikaci: C:\Users\Blaster\Documents\pspad461b2716\PSPad.exe

ID hlášení:


System errors:
=============
Error: (03/13/2017 02:58:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (03/13/2017 02:58:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Apache Tomcat Tomcat7 ukončena s chybou Nesprávná funkce.
, specifickou pro službu.

Error: (03/13/2017 02:58:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba FileZillaServer neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/13/2017 02:58:18 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby FileZillaServer bylo dosaženo časového limitu (30000 ms).

Error: (03/13/2017 02:49:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (03/13/2017 02:48:50 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Apache Tomcat Tomcat7 ukončena s chybou Nesprávná funkce.
, specifickou pro službu.

Error: (03/13/2017 02:48:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba FileZillaServer neuspěla při spuštění v důsledku následující chyby:
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (03/13/2017 02:48:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby FileZillaServer bylo dosaženo časového limitu (30000 ms).

Error: (03/13/2017 09:44:10 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
cdrom

Error: (03/13/2017 09:43:56 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Apache Tomcat Tomcat7 ukončena s chybou Nesprávná funkce.
, specifickou pro službu.


CodeIntegrity:
===================================
Date: 2017-03-10 11:51:36.066
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-10 11:51:36.035
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A10-5800K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 7371.11 MB
Available physical RAM: 3676.8 MB
Total Virtual: 14740.4 MB
Available Virtual: 9982.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:443.23 GB) (Free:161.26 GB) NTFS
Drive d: () (Fixed) (Total:488.18 GB) (Free:479.34 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive f: (Stary Disk) (Fixed) (Total:97.56 GB) (Free:81.37 GB) NTFS
Drive g: (Stary Disk) (Fixed) (Total:135.23 GB) (Free:32.66 GB) NTFS
Drive i: (STORE N GO) (Removable) (Total:14.41 GB) (Free:4.57 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 232.9 GB) (Disk ID: 5963DD6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or (Size: 931.5 GB) (Disk ID: 3FAFD3D2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: 1C2301F2)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)

==================== End of Addition.txt ============================