Prosím o kontrolu

Zpráva

imicro · #1 Příspěvek od **imicro** » 24 kvě 2016 14:53

Prosím o kontrolu - všetko sa zdá byť v poriadku, takze iba preventivne.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Tom at 2016-05-24 15:50:38
Microsoft Windows 8.1 Pro
System drive C: has 156 GB (64%) free of 244 GB
Total RAM: 32630 MB (86% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:50:41, on 24.5.2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
D:\_Tom\Programy\Tunderbird\ThunderbirdPortable\ThunderbirdPortable.exe
D:\_Tom\Programy\Tunderbird\ThunderbirdPortable\App\thunderbird\thunderbird.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
D:\_Tom\Programy\Adobe\Adobe InDesign CS6\InDesign.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Tom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://unstops.biz/wpad.dat?4b90964ce06 ... 7e10512187
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\_Tom\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: Synology Cloud Station Drive.lnk = C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Cloud Station Drive VSS Service x64 - Unknown owner - C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - D:\_Tom\Programy\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Plsesh Community (plscmmService) - Unknown owner - C:\Program Files (x86)\Plsesh\plscmmService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10209 bytes

======Listing Processes======

wininit.exe

C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
"C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"

taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe"
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer11_Logfile.log
"C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe"
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe"
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=50.0.2661.102 --handshake-handle=0x140
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3888.0.995727629\1469501699" --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=4,12,15,24,53,71 --gpu-vendor-id=0x8086 --gpu-device-id=0x0412 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.14.4264 --ignored=" --type=renderer " /prefetch:2
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.1.2001790588\1773436007" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.2.984889103\1554030916" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.3.722474877\170950856" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.4.2097561921\1429580184" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.5.70045271\1875475553" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.6.448819069\1077439232" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.7.1805445037\1965019324" /prefetch:1
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

"C:\Windows\System32\StikyNot.exe"
"D:\_Tom\Programy\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe"
C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe --log_folder log --info_folder . --log_level CloudStation.app/log_template/syncfolder_c.debug
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Windows\system32\GWX\GWX.exe"
C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe C:/Users/Tom/AppData/Local/CloudStation/data/config/client.conf 1024
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.9.1204935472\1050878313" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.12.2113576589\1004375865" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.13.112511746\1817293006" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.19.754049066\2050501058" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.23.1881480575\557766334" /prefetch:1
"D:\_Tom\Programy\Tunderbird\ThunderbirdPortable\ThunderbirdPortable.exe"
"D:\_Tom\Programy\Tunderbird\ThunderbirdPortable\App\thunderbird\thunderbird.exe" -profile "D:\_Tom\Programy\Tunderbird\ThunderbirdPortable\Data\profile"
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.28.43094577\1068712558" /prefetch:1
"D:\_Tom\Programy\Adobe\Adobe InDesign CS6\InDesign.exe"
"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" "-launchedbycsxs"
"C:\Program Files\Microsoft Office\Office15\POWERPNT.EXE" "C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\ContainedTemp\program.pptx" /ou ""
"C:\Program Files\Microsoft Office\Office15\POWERPNT.EXE" /Embedding

"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.30.825554000\2090873774" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.38.2078774875\811243132" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --disable-client-side-phishing-detection --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.46.1397372649\151424712" /prefetch:1
"C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --enable-features=AutomaticTabDiscarding<AutomaticTabDiscarding,IncidentReportingModuleLoadAnalysis<SafeBrowsingIncidentReportingServiceFeatures,IncidentReportingSuspiciousModuleReporting<SafeBrowsingIncidentReportingServiceFeatures,WebFontsIntervention<WebFontsIntervention --disable-features=UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --lang=sk --force-fieldtrials=AppBannerTriggering/Aggressive/AutofillProfileOrderByFrecency/Enabled/*AutomaticTabDiscarding/Enabled_Once_10-gen2/BrotliEncoding/Default/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Disabled/*ClientSideDetectionModel/Model0/*CrossDevicePromo/7DaySingleProfile/*DataReductionProxyConfigService/Enabled/*DirectWriteFontProxy/UseDirectWriteFontProxy/*ExtensionActionRedesign/Enabled/ExtensionDeveloperModeWarning/Enabled/*ExtensionInstallVerification/Enforce/*GFE/Default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/*NetworkQualityEstimator/Enabled/*OmniboxBundledExperimentV1/Postperiod_AnswersInSuggest_A2/*PasswordBranding/Disabled/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Disable/*PreRead/Default/*QUIC/EnabledNoId/ReportCertificateErrors/ShowAndPossiblySend/*ResourcePriorities/Control50pct/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/Off/SSLCommonNameMismatchHandling/Enabled/*SafeBrowsingIncidentReportingService/Default/*SafeBrowsingIncidentReportingServiceFeatures/WithSuspiciousModuleReporting/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group3/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_51/*UMA-Uniformity-Trial-10-Percent/group_07/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_02/*UMA-Uniformity-Trial-5-Percent/group_06/*UMA-Uniformity-Trial-50-Percent/group_01/*UseDelayAgnosticAEC/DefaultEnabled/*WebFontsIntervention/Enabled/WebRTC-LocalIPPermissionCheck/Enabled/ --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --channel="3888.48.440203205\782976353" /prefetch:1
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 552 560 568 65536 564
"D:\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core.job - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA.job - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\
lyz@zotero.org

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09 228552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2016-04-12 2348848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09 163016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2016-04-12 1741104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05 508240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03 144200]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2016-04-25 23484296]
"AdobeBridge"= []
"DAEMON Tools Lite"=D:\_Tom\Programy\DAEMON Tools Lite\DTLite.exe [2015-02-27 5583120]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2014-10-29 479744]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2013-04-25 1075296]
"AdobeCEPServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [2013-05-16 1039240]

C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Synology Cloud Station Drive.lnk - C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-05-24 15:50:38 ----D---- C:\rsit
2016-05-24 15:50:38 ----D---- C:\Program Files\trend micro
2016-05-24 12:31:51 ----D---- C:\AdwCleaner
2016-05-24 09:32:31 ----D---- C:\Users\Tom\AppData\Roaming\Profiles
2016-05-24 09:32:31 ----D---- C:\Program Files (x86)\Druigh
2016-05-24 09:32:30 ----D---- C:\Program Files (x86)\Plsesh
2016-05-24 09:32:30 ----D---- C:\Program Files (x86)\Hqationqwich
2016-05-16 11:14:16 ----D---- C:\Users\Tom\AppData\Roaming\Thunderbird
2016-05-11 06:13:47 ----A---- C:\Windows\SYSWOW64\schannel.dll
2016-05-11 06:13:47 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2016-05-11 06:13:47 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-05-11 06:13:47 ----A---- C:\Windows\system32\schannel.dll
2016-05-11 06:13:47 ----A---- C:\Windows\system32\ncrypt.dll
2016-05-11 06:13:47 ----A---- C:\Windows\system32\mshtml.dll
2016-05-11 06:13:47 ----A---- C:\Windows\system32\lsasrv.dll
2016-05-11 06:13:47 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-05-11 06:13:47 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2016-05-11 06:13:47 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-05-11 06:13:47 ----A---- C:\Windows\system32\drivers\cng.sys
2016-05-11 06:13:47 ----A---- C:\Windows\system32\certcli.dll
2016-05-11 06:13:46 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-05-11 06:13:46 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-05-11 06:13:46 ----A---- C:\Windows\system32\ieframe.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-05-11 06:13:45 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\wininet.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\webcheck.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\vbscript.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\urlmon.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\msfeeds.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\jscript9.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\jscript.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\inetcomm.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\iertutil.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\iedkcs32.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\ieapfltr.dll
2016-05-11 06:13:45 ----A---- C:\Windows\system32\ie4uinit.exe
2016-05-11 06:13:44 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2016-05-11 06:13:44 ----A---- C:\Windows\SYSWOW64\Windows.UI.dll
2016-05-11 06:13:44 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2016-05-11 06:13:44 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2016-05-11 06:13:44 ----A---- C:\Windows\system32\WindowsCodecs.dll
2016-05-11 06:13:44 ----A---- C:\Windows\system32\Windows.UI.dll
2016-05-11 06:13:44 ----A---- C:\Windows\system32\rpcrt4.dll
2016-05-11 06:13:44 ----A---- C:\Windows\system32\gdi32.dll
2016-05-11 06:13:43 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2016-05-11 06:13:43 ----A---- C:\Windows\SYSWOW64\d3d10level9.dll
2016-05-11 06:13:43 ----A---- C:\Windows\system32\rdpudd.dll
2016-05-11 06:13:43 ----A---- C:\Windows\system32\rdpcorets.dll
2016-05-11 06:13:43 ----A---- C:\Windows\system32\rdpcore.dll
2016-05-11 06:13:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-05-11 06:13:43 ----A---- C:\Windows\system32\d3d10level9.dll
2016-05-11 06:13:42 ----AC---- C:\Windows\system32\drivers\volsnap.sys
2016-05-11 06:13:42 ----A---- C:\Windows\SYSWOW64\shacct.dll
2016-05-11 06:13:42 ----A---- C:\Windows\SYSWOW64\dsparse.dll
2016-05-11 06:13:42 ----A---- C:\Windows\system32\shacct.dll
2016-05-11 06:13:42 ----A---- C:\Windows\system32\dsparse.dll
2016-05-11 06:13:41 ----A---- C:\Windows\SYSWOW64\webio.dll
2016-05-11 06:13:41 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-05-11 06:13:41 ----A---- C:\Windows\SYSWOW64\IPHLPAPI.DLL
2016-05-11 06:13:41 ----A---- C:\Windows\system32\win32k.sys
2016-05-11 06:13:41 ----A---- C:\Windows\system32\webio.dll
2016-05-11 06:13:41 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2016-05-11 06:13:41 ----A---- C:\Windows\system32\drivers\tcpip.sys
2016-05-11 06:13:41 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2016-05-11 06:13:40 ----AC---- C:\Windows\system32\drivers\volmgr.sys
2016-05-11 06:13:40 ----A---- C:\Windows\system32\msv1_0.dll
2016-05-11 06:13:40 ----A---- C:\Windows\system32\dpapisrv.dll

======List of files/folders modified in the last 1 month======

2016-05-24 15:50:38 ----RD---- C:\Program Files
2016-05-24 14:32:42 ----D---- C:\Windows\Temp
2016-05-24 14:00:00 ----D---- C:\Windows\system32\sru
2016-05-24 12:45:03 ----RD---- C:\Windows\System32
2016-05-24 12:45:03 ----D---- C:\Windows\Inf
2016-05-24 12:45:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-05-24 12:41:33 ----D---- C:\Windows\Prefetch
2016-05-24 09:32:42 ----D---- C:\Windows\system32\Tasks
2016-05-24 09:32:31 ----RD---- C:\Program Files (x86)
2016-05-24 03:37:51 ----D---- C:\Windows\Microsoft.NET
2016-05-23 12:40:04 ----D---- C:\Windows\system32\DriverStore
2016-05-23 12:40:04 ----D---- C:\Windows\system32\catroot
2016-05-22 14:54:33 ----D---- C:\Program Files (x86)\TeamViewer
2016-05-21 05:01:33 ----SHD---- C:\System Volume Information
2016-05-21 05:00:25 ----D---- C:\Windows\system32\config
2016-05-20 14:14:55 ----SHD---- C:\Windows\Installer
2016-05-20 14:14:49 ----D---- C:\Windows\SysWOW64
2016-05-19 17:01:16 ----D---- C:\Users\Tom\AppData\Roaming\Skype
2016-05-19 09:52:07 ----RD---- C:\Program Files (x86)\Skype
2016-05-15 03:18:57 ----D---- C:\Windows\rescache
2016-05-14 11:38:49 ----D---- C:\Windows\WinSxS
2016-05-14 11:37:53 ----D---- C:\Windows\SYSWOW64\wbem
2016-05-14 11:37:53 ----D---- C:\Windows\system32\wbem
2016-05-14 11:37:53 ----D---- C:\Windows\system32\en-US
2016-05-14 11:37:53 ----D---- C:\Windows\system32\drivers\en-GB
2016-05-14 11:37:53 ----D---- C:\Windows\system32\drivers
2016-05-14 11:37:53 ----D---- C:\Windows\system32\appraiser
2016-05-14 11:37:53 ----D---- C:\Program Files\Internet Explorer
2016-05-14 11:37:53 ----D---- C:\Program Files (x86)\Internet Explorer
2016-05-12 02:13:26 ----D---- C:\Program Files\Windows Journal
2016-05-12 02:13:21 ----D---- C:\Windows\system32\MRT
2016-05-12 02:10:41 ----A---- C:\Windows\system32\MRT.exe
2016-05-12 02:10:39 ----D---- C:\ProgramData\Microsoft Help
2016-05-12 02:10:20 ----D---- C:\Windows\SYSWOW64\en-GB
2016-05-12 02:10:20 ----D---- C:\Windows\system32\en-GB
2016-05-12 02:10:17 ----RD---- C:\Windows\assembly
2016-05-11 22:08:17 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-05-11 06:13:31 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-05-11 06:13:31 ----A---- C:\Windows\system32\winresume.exe
2016-05-11 06:13:31 ----A---- C:\Windows\system32\winload.exe
2016-05-11 06:13:31 ----A---- C:\Windows\system32\ntdll.dll
2016-05-11 06:13:31 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2016-05-11 06:13:26 ----D---- C:\Windows\system32\catroot2
2016-05-11 06:12:41 ----D---- C:\Windows\CbsTemp
2016-05-11 03:38:00 ----A---- C:\Windows\win.ini
2016-05-11 01:23:03 ----D---- C:\Windows\Tasks
2016-05-07 04:29:09 ----SD---- C:\Windows\SYSWOW64\GWX
2016-05-07 04:29:09 ----SD---- C:\Windows\system32\GWX
2016-05-03 17:19:52 ----D---- C:\Windows\system32\FxsTmp
2016-05-02 13:41:26 ----HD---- C:\ProgramData
2016-04-30 19:33:53 ----D---- C:\ProgramData\Skype
2016-04-29 08:12:34 ----HD---- C:\Program Files\WindowsApps
2016-04-27 11:59:19 ----D---- C:\Windows\AppReadiness

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 254240]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 128288]
R3 dtlitescsibus;@oem24.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\System32\drivers\dtlitescsibus.sys [2015-10-29 30352]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-08-09 4928256]
R3 ISCT;@oem4.inf,%ISCT.DeviceDesc%;Intel(R) Smart Connect Technology Device Driver; C:\Windows\System32\drivers\ISCTD64.sys [2013-07-30 47008]
R3 iwdbus;@oem3.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2015-05-26 30512]
R3 MonitorFunction;@oem21.inf,%MonitorFunction_SvcDesc%;Driver for Monitor; C:\Windows\System32\drivers\TVMonitor.sys [2015-11-16 16376]
R3 RTL8168;@oem20.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2016-01-05 935168]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 141600]
R3 VBoxNetFlt;@oem23.inf,%VBoxNetFltService_Desc%;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 156448]
R3 XtuAcpiDriver;@oem12.inf,%XtuAcpiDriver.SVCDESC%;Intel(R) Extreme Tuning Utility Device Driver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [2015-07-10 63840]
S3 intaud_WaveExtensible;@oem2.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2015-05-26 42288]
S3 WinUsb;@oem19.inf,%WinUSB_SvcDesc%;Android USB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2015-10-10 78848]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\System32\drivers\WUDFRd.sys [2014-10-29 226304]
S3 WUDFWpdMtp;WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 226304]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-04-22 82128]
R2 AGSService;Adobe Genuine Software Integrity Service; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-04-05 2021592]
R2 Cloud Station Drive VSS Service x64;Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [2016-03-16 287240]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 NovaPdfServer;novaPDF Server; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [2015-07-14 41760]
R2 TeamViewer;TeamViewer 11; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2016-05-12 7032080]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; D:\_Tom\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-27 1272592]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03 144200]
S2 plscmmService;Plsesh Community; C:\Program Files (x86)\Plsesh\plscmmService.exe [2016-05-23 985752]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-03-23 327808]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03 144200]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-01-23 178760]
S4 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-08-09 288688]
S4 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-08-09 355232]
S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 24 kvě 2016 15:48

Krasny den Vam preju

Od dnesniho rana mate zavirovano - co jste provadel? V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu RogueKiller - http://www.bleepingcomputer.com/download/roguekiller/

spustte jako spravce
nahore prejdete na zalozku Scan
vpravo dole kliknete na Start Scan (potrva az nekolik desitek minut)
vlevo dole vyberte Open Report
vpravo dole Export TXT
report ulozte na plochu a jeho obsah vlozte do pristi odpovedi

imicro · #3 Příspěvek od **imicro** » 24 kvě 2016 17:35

To ste ma velmi nepotesili :/ Snazil som sa flashovat ROM na android tablete - asi som klikol na nejaky "spravny" odkaz.

LOG:

RogueKiller V12.3.0.0 [May 22 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Tom [Administrator]
Started from : C:\Users\Tom\Desktop\RogueKiller.exe
Mode : Scan -- Date : 05/24/2016 18:22:18

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2130369096-4029822526-2213145148-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://unstops.biz/wpad.dat?4b90964ce06 ... 7e10512187 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2130369096-4029822526-2213145148-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://unstops.biz/wpad.dat?4b90964ce06 ... 7e10512187 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://unstops.biz/wpad.dat?4b90964ce06f5435cc00b0d76733567e10512187 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://unstops.biz/wpad.dat?4b90964ce06f5435cc00b0d76733567e10512187 -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 147.229.37.10 147.229.37.11 ([-][Czech Republic]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 147.229.37.10 147.229.37.11 ([-][Czech Republic]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D30EDFC4-97BF-4971-920E-791A55E6BDC5} | DhcpNameServer : 147.229.37.10 147.229.37.11 ([-][Czech Republic]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D30EDFC4-97BF-4971-920E-791A55E6BDC5} | DhcpNameServer : 147.229.37.10 147.229.37.11 ([-][Czech Republic]) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ADATA SP900 +++++
--- User ---
[MBR] 11157cbe356f367ae79b786c25470d5c
[BSP] d39f201eebd0f35ebd64d9f7d0d508de : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 99 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204800 | Size: 244095 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM003-1ER162 +++++
--- User ---
[MBR] ef44cd5e252c50440b748bff4371a888
[BSP] d24106160236ce35194a5f8261508102 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

#4 Příspěvek od **altrok** » 24 kvě 2016 18:39

Dejte logy FRST.txt a Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Pozn. pri druhem a dalsim spusteni FRST je pro vytvoreni logu Addition.txt nutne tuto volbu explicitne zatrhnout pred zacatkem skenu.

imicro · #5 Příspěvek od **imicro** » 24 kvě 2016 21:47

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-05-2016 01
Ran by Tom (administrator) on TS (24-05-2016 22:45:04)
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Disc Soft Ltd) D:\_Tom\Programy\DAEMON Tools Lite\DiscSoftBusService.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(PortableApps.com) D:\_Tom\Programy\Tunderbird\ThunderbirdPortable\ThunderbirdPortable.exe
(Mozilla Corporation) D:\_Tom\Programy\Tunderbird\ThunderbirdPortable\App\thunderbird\thunderbird.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Tom\Desktop\RogueKiller.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [Google Update] => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-03] (Google Inc.)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [DAEMON Tools Lite] => D:\_Tom\Programy\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\MountPoints2: {5fd9a1aa-7b57-11e5-826f-d8cb8a1b0d5f} - "E:\AutoRun.exe" "1, EndNote X7, Thomson Reuters Scientific LLC."
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-05-24]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2130369096-4029822526-2213145148-1001] => hxxp://unstops.biz/wpad.dat?4b90964ce06f5435cc00b0d76733567e10512187
Tcpip\Parameters: [DhcpNameServer] 147.229.37.10 147.229.37.11
Tcpip\..\Interfaces\{D30EDFC4-97BF-4971-920E-791A55E6BDC5}: [DhcpNameServer] 147.229.37.10 147.229.37.11
ManualProxies: 0hxxp://unstops.biz/wpad.dat?4b90964ce06f5435cc00b0d76733567e10512187

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default
FF NewTab: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB30rBH4pAE..&v=20160523&uid=8433E0C8B37649B0FF113F746EA3FC2A&ptid=epf1&mode=loadm
FF Homepage: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB30rBH4pAE..&v=20160523&uid=8433E0C8B37649B0FF113F746EA3FC2A&ptid=epf1&mode=loadm
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2130369096-4029822526-2213145148-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2130369096-4029822526-2213145148-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\searchplugins\7ell96dl.xml [2016-05-24]
FF Extension: LyZ - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\lyz@zotero.org [2016-05-17]
FF Extension: Zotero - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\zotero@chnm.gmu.edu.xpi [2016-05-17]
FF Extension: GsearchFinder - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-23]
FF Extension: LyZ - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\lyz@zotero.org [2016-05-24]
FF Extension: Zotero - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\zotero@chnm.gmu.edu.xpi [2016-05-17]
StartMenuInternet: FIREFOX.EXE - D:\_Tom\Programy\Mozilla\firefox.exe

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.seznam.cz/?clid=13415
CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxy0q4qOqRPdLMQ5814Ip_0Bcs96ceKxOJ3yAx3ac2A20wh1BTmHSKoac3d5DU0PKrFavIAzFxl1cPGixbg440pQsLkCnd8sKH-Ln2Ju87vPmwn5rVbntl2zC3PO29IJVaQ5afAlJNtFeJI,","hxxp://www.google.com/","hxxp://d2ucfwpxlh3zh3 ... mode=loadm"
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287240 2016-03-16] ()
R3 Disc Soft Lite Bus Service; D:\_Tom\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [41760 2015-07-14] (Microsoft)
S2 plscmmService; C:\Program Files (x86)\Plsesh\plscmmService.exe [985752 2016-05-23] ()
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-10-29] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-24] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-24 22:45 - 2016-05-24 22:45 - 00015627 _____ C:\Users\Tom\Desktop\FRST.txt
2016-05-24 22:44 - 2016-05-24 22:45 - 00000000 ____D C:\FRST
2016-05-24 22:43 - 2016-05-24 22:43 - 02382848 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2016-05-24 18:34 - 2016-05-24 18:34 - 00006930 _____ C:\Users\Tom\Desktop\rk_F965.tmp.txt
2016-05-24 18:34 - 2016-05-24 18:34 - 00006928 _____ C:\Users\Tom\Desktop\Viry forum.txt
2016-05-24 18:17 - 2016-05-24 18:17 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-24 18:16 - 2016-05-24 18:16 - 19867720 _____ C:\Users\Tom\Desktop\RogueKiller.exe
2016-05-24 18:16 - 2016-05-24 18:16 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-24 15:50 - 2016-05-24 15:50 - 00000000 ____D C:\rsit
2016-05-24 15:50 - 2016-05-24 15:50 - 00000000 ____D C:\Program Files\trend micro
2016-05-24 12:31 - 2016-05-24 12:40 - 00000000 ____D C:\AdwCleaner
2016-05-24 10:41 - 2016-05-24 10:41 - 00007605 _____ C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2016-05-24 09:32 - 2016-05-24 11:20 - 00000000 ____D C:\Program Files (x86)\Druigh
2016-05-24 09:32 - 2016-05-24 09:32 - 00008828 _____ C:\Windows\System32\Tasks\Plsesh Community
2016-05-24 09:32 - 2016-05-24 09:32 - 00000000 ____D C:\Program Files (x86)\Plsesh
2016-05-24 09:32 - 2016-05-24 09:32 - 00000000 ____D C:\Program Files (x86)\Hqationqwich
2016-05-17 15:59 - 2016-05-17 15:59 - 00000054 _____ C:\Users\Tom\Desktop\New Text Document.txt
2016-05-16 11:14 - 2016-05-24 10:42 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Thunderbird
2016-05-14 11:36 - 2016-05-14 11:36 - 00000517 _____ C:\Users\Tom\Desktop\dhl.txt
2016-05-11 06:13 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 06:13 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 06:13 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 06:13 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 06:13 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 06:13 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 06:13 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 06:13 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 06:13 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-05-11 06:13 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 06:13 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 06:13 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 06:13 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 06:13 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 06:13 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 06:13 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 06:13 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 06:13 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-05-11 06:13 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 06:13 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 06:13 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 06:13 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 06:13 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 06:13 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 06:13 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 06:13 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 06:13 - 2016-04-11 08:21 - 00074584 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-05-11 06:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 06:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 06:13 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 06:13 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 06:13 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 06:13 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 06:13 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 06:13 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 06:13 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-11 06:13 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-11 06:13 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-05-11 06:13 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 06:13 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 06:13 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 06:13 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 06:13 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 06:13 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 06:13 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 06:13 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 06:13 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 06:13 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 06:13 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 06:13 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 06:13 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 06:13 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 06:13 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 06:13 - 2016-03-14 18:50 - 00316760 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-05-11 06:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-05-11 06:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2016-05-11 06:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2016-05-11 06:13 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dsparse.dll
2016-05-11 06:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-11 06:13 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-05-11 06:13 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsparse.dll
2016-05-11 06:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-11 06:13 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-05-11 06:13 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-05-11 06:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-05-11 06:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-05-11 06:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-05-11 06:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-04-28 10:50 - 2016-04-28 16:17 - 01421312 _____ C:\Users\Tom\Desktop\Untitled-1.indd
2016-04-28 10:50 - 2016-04-28 16:17 - 00064133 _____ C:\Users\Tom\Desktop\Untitled-1.pdf
2016-04-25 14:11 - 2016-04-25 14:12 - 00000814 _____ C:\Users\Tom\Desktop\seznam IP adres_25_4_2016.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-24 22:28 - 2015-09-03 09:03 - 00000950 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-24 22:12 - 2015-09-03 08:46 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA.job
2016-05-24 15:58 - 2015-09-03 08:38 - 00000000 ____D C:\Users\Tom\AppData\Local\Packages
2016-05-24 12:53 - 2015-09-03 08:49 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2130369096-4029822526-2213145148-1001
2016-05-24 12:45 - 2013-09-30 06:20 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-24 12:45 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-05-24 12:41 - 2015-09-03 09:03 - 00000946 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-24 12:40 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-24 12:34 - 2016-03-03 12:47 - 00000700 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-24 12:34 - 2016-03-03 12:47 - 00000700 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00001207 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00001199 _____ C:\Users\Tom\Desktop\Google Chrome.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome
2016-05-24 12:34 - 2015-09-03 08:38 - 00000995 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 12:34 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-05-24 10:42 - 2016-03-02 16:37 - 00000000 ____D C:\Users\Tom\AppData\Local\CloudStation
2016-05-23 23:12 - 2015-09-03 08:46 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core.job
2016-05-22 14:54 - 2015-09-03 08:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-20 14:14 - 2015-09-03 09:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-20 13:17 - 2016-02-12 13:49 - 00000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2016-05-19 17:01 - 2015-10-20 15:40 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Skype
2016-05-19 09:52 - 2015-12-28 23:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-18 02:52 - 2015-12-04 20:55 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-18 02:52 - 2015-12-04 20:55 - 00000971 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-15 03:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-05-14 11:38 - 2013-08-22 16:44 - 05323568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-14 11:37 - 2015-09-09 13:48 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-14 11:37 - 2013-09-30 05:56 - 00000000 ____D C:\Windows\system32\Drivers\en-GB
2016-05-14 03:15 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-05-12 02:13 - 2015-09-07 09:23 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 02:13 - 2013-09-30 06:01 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 02:10 - 2015-09-07 09:23 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-12 02:10 - 2015-09-03 08:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-12 02:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-05-12 02:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-05-11 22:08 - 2013-08-22 17:38 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 22:08 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 06:13 - 2016-04-13 08:13 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 06:13 - 2016-04-13 08:13 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 06:13 - 2016-04-13 08:13 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-05-11 06:13 - 2016-04-13 08:13 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 06:13 - 2016-04-13 08:13 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 06:13 - 2016-04-13 08:13 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-05-11 06:13 - 2016-04-13 08:13 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-05-11 03:38 - 2013-08-22 15:25 - 00000167 _____ C:\Windows\win.ini
2016-05-11 01:23 - 2015-09-03 09:03 - 00003922 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 01:23 - 2015-09-03 09:03 - 00003686 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 23:07 - 2015-09-03 08:46 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA
2016-05-10 23:07 - 2015-09-03 08:46 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core
2016-05-10 15:01 - 2015-09-03 09:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-07 04:29 - 2015-09-09 13:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-07 04:29 - 2015-09-09 13:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-03 17:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-02 13:41 - 2016-04-11 09:48 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-04-30 19:33 - 2015-10-20 15:40 - 00000000 ____D C:\ProgramData\Skype
2016-04-29 08:12 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-29 08:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-04-27 08:24 - 2015-09-03 09:03 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2015-09-17 10:42 - 2015-09-17 10:45 - 0006842 _____ () C:\Users\Tom\AppData\Local\DTP Cloud Log.txt
2016-02-11 15:44 - 2016-02-11 15:44 - 0000723 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2016-05-24 10:41 - 2016-05-24 10:41 - 0007605 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Tom\AppData\Local\Temp\libeay32.dll
C:\Users\Tom\AppData\Local\Temp\msvcr120.dll
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tom\AppData\Local\Temp\sqlite3.dll
C:\Users\Tom\AppData\Local\Temp\Synology-Cloud-Station-Drive-Upgrader.exe
C:\Users\Tom\AppData\Local\Temp\Synology-Cloud-Station-Upgrader.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-22 05:08

==================== End of FRST.txt ============================

Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by Tom (2016-05-24 22:45:18)
Running from C:\Users\Tom\Desktop
Windows 8.1 Pro (Update) (X64) (2015-09-03 06:38:54)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2130369096-4029822526-2213145148-500 - Administrator - Disabled)
Guest (S-1-5-21-2130369096-4029822526-2213145148-501 - Limited - Disabled)
Tom (S-1-5-21-2130369096-4029822526-2213145148-1001 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.1.0.421 - Adobe Systems Incorporated)
Apollo 2015.2.0 (HKLM-x32\...\Apollo - Informační Centrum VUT_is1) (Version: - CVIS, VUT v Brně)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Daniel's XL Toolbox 6.60 (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1) (Version: - Daniel Kraus)
doPDF (Version: 8.3.934 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{0ebed438-cc81-46f7-914b-a4c93d5780f2}) (Version: 8.3.934 - Softland)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Genymotion version 2.5.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.2 - Genymobile)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Chrome (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Google Chrome) (Version: 50.0.2661.102 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
LyX 2.1.4 (HKLM-x32\...\LyX214) (Version: 2.1.4 - LyX Team)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 44.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 cs)) (Version: 44.0.2 - Mozilla)
Mozilla Firefox 45.0.1 (x86 cs) (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Mozilla Firefox 45.0.1 (x86 cs)) (Version: 45.0.1 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{0A1F1D6B-9780-4316-9902-437E9449FC7C}) (Version: 8.3.934 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{6E283717-7B3F-4E26-9D0A-917933ACF199}) (Version: 8.3.934 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{1CC99933-93FC-40BA-A3DD-286FB87CBF2F}) (Version: 8.3.934 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{A8A71610-DE04-4C9E-AE89-60BCA8E20453}) (Version: 8.3.934 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{0FD5EC80-F729-442E-8745-F60315842D9B}) (Version: 8.3.934 - Softland)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.43.1001.2015 - Realtek)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SigmaPlot 11.0 (HKLM-x32\...\{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}) (Version: 11.0 - Systat Software, Inc.)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Synology Cloud Station Drive (HKLM-x32\...\{1654A7C6-25A5-4BED-AABE-8A03E6BD3986}) (Version: 4.0.4203 - Synology)
TableCurve 2D v5.01 (HKLM-x32\...\TableCurve 2D v5.01) (Version: - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{C224EEBF-D40A-4056-9DD3-EE74666F74AB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Zotero Standalone 4.0.28.7 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.28.7 (x86 en-US)) (Version: 4.0.28.7 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E5052F4-BA24-4BC4-BB0C-B6FA92CF781E} - System32\Tasks\Wake From Sleep => C:\Program Files (x86)\TeamViewer\TeamViewer.exe [2016-05-12] (TeamViewer GmbH)
Task: {0F0A52B0-3DB7-4690-BB55-E833E8F5124F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {13EAA7FB-2D9D-470E-97B3-DCB14E250383} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-07-14] ()
Task: {288FC7AA-4E0E-4FED-B9C2-9AD31D2F080A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {3EADF9BD-EA38-4800-A860-E84FF14988D9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {450C21AD-DD69-42D7-8A63-8C5E95824685} - System32\Tasks\Plsesh Community => C:\Program Files (x86)\Plsesh\plscmmTask.exe [2016-05-23] () <==== ATTENTION
Task: {6163E9DC-3105-4775-B870-A92823CC6E40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {6DEDC162-0A17-4EED-A335-CC07D386E643} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {90ADB01F-5DED-4822-9543-06E94BCD27E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {9BFD7276-ED51-4A92-8420-E29C8C55B7A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {C51EEA82-C135-4D94-BED7-2DF8FC877B52} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {DAD841C9-B212-4EF7-AD83-9823DBABE5EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-12] (Microsoft Corporation)
Task: {F008685D-4469-4A7E-86D3-D2408ACBC7ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-16 19:47 - 2016-03-16 19:47 - 00287240 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2015-07-14 12:34 - 2015-07-14 12:34 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2015-07-14 12:34 - 2015-07-14 12:34 - 00052512 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2015-07-14 12:34 - 2015-07-14 12:34 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01249280 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\ContextMenu.dll
2016-05-24 18:16 - 2016-05-24 18:16 - 19867720 _____ () C:\Users\Tom\Desktop\RogueKiller.exe
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-13 01:12 - 2016-05-11 13:48 - 01738904 _____ () C:\Users\Tom\AppData\Local\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 01:12 - 2016-05-11 13:48 - 00086168 _____ () C:\Users\Tom\AppData\Local\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-24 12:41 - 2016-05-24 12:41 - 00098816 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32api.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00110080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\pywintypes27.dll
2016-05-24 12:41 - 2016-05-24 12:41 - 00364544 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\pythoncom27.dll
2016-05-24 12:41 - 2016-05-24 12:41 - 00320512 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32com.shell.shell.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00776704 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\_hashlib.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 01176576 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\wx._core_.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00806400 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\wx._gdi_.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00816128 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\wx._windows_.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 01067008 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\wx._controls_.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00733184 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\wx._misc_.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00682496 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\pysqlite2._sqlite.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00088064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\_ctypes.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00119808 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32file.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00108544 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32security.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00007168 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\hashobjs_ext.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00017920 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\thumbnails_ext.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00088064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\usb_ext.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00167936 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32gui.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00018432 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32event.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00046080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\_socket.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 01208320 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\_ssl.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00128512 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\_elementtree.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00127488 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\pyexpat.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00012288 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\common.time34.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00038912 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32inet.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00036864 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\_psutil_windows.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00525208 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\windows._lib_cacheinvalidation.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00011264 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32crypt.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00077312 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\wx._html2.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00027136 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\_multiprocessing.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00020480 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\_yappi.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00035840 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32process.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00686080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\unicodedata.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00078848 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\wx._animate.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00123392 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\wx._wizard.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00024064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32pipe.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00010240 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\select.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00025600 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32pdh.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00017408 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32profile.pyd
2016-05-24 12:41 - 2016-05-24 12:41 - 00022528 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI38562\win32ts.pyd
2016-04-19 16:41 - 2016-04-19 16:41 - 00123918 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01026062 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00524460 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 03036430 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01798570 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00115214 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 03095505 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 21565192 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00712704 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00031744 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00046080 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00032768 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00516608 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00243200 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00431616 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
2016-05-24 14:19 - 2016-05-24 14:19 - 00008704 _____ () C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\newadvsplash.dll
2016-05-24 14:19 - 2016-05-24 14:19 - 00011264 _____ () C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\System.dll
2016-05-24 14:19 - 2016-05-24 14:19 - 00029696 _____ () C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\registry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 147.229.37.10 - 147.229.37.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: SwitchBoard => 3
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{87369E74-CCEB-4B90-A9D4-22DC1DD12163}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8DDE4C7D-6A13-43AE-B4FD-7A4272D17094}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{978F776B-6CDA-4BAE-B178-8AE08BB99774}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EAC00440-267F-4511-B6EB-A7BBE2BF1278}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F6CFA9B0-C1D2-477D-9481-DF32777F33C0}] => (Allow) LPort=8501
FirewallRules: [{F9B729B9-CC68-4F91-9E19-9ADDA42F57FC}] => (Allow) LPort=8501
FirewallRules: [{DF018E53-FEFE-4F65-8A7A-96D15FE871C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F71B25DC-8643-49C8-AE9E-0DFA88A1DEC2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5EE3DEC3-9790-42B2-9BA9-ED248D1A9C23}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A8BCD122-23B5-4701-BC0C-D6B74F2775F4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{F248EC43-80A8-4D78-9828-4F6A926ADD84}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AAD5C9EE-757A-41BB-8121-DDCB74440F7F}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{73F470E3-BFB3-4539-8B53-8DDB25E0FFB4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3B4B29B-862F-479F-8A1B-C9900D811817}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4C0A44A1-0B7D-4112-AF32-DE8DFC76DBF6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9EE2DF36-CD16-454E-846D-9535F14B090F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{078EC3CE-1F3E-40ED-B850-A1564D6501E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{68909BC6-1D3D-40E6-914A-1A35D3B027E0}D:\_tom\hs\hearthstone\hearthstone.exe] => (Allow) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{78FB3809-555E-457C-B44A-27490B47DF89}D:\_tom\hs\hearthstone\hearthstone.exe] => (Allow) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{12FE973F-DA71-42BE-8384-478FB90CEB98}] => (Block) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{3D891F1F-31FC-4C53-91C6-F44B658EFF75}] => (Block) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{63AFEE85-04E9-4D5D-87C5-527DCE38D9BD}] => (Allow) D:\_Tom\Programy\Mozilla\firefox.exe
FirewallRules: [{1E2DE8F6-00BE-4A98-985B-49EED3036B6A}] => (Allow) D:\_Tom\Programy\Mozilla\firefox.exe
FirewallRules: [TCP Query User{E4ABEE25-75C0-483A-8D4A-09CD12F4A44F}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{05F4C41E-39C9-4B77-96AC-060216858EC4}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{6670D738-F151-46BB-BBE6-93234B2EDC94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7EEF886B-821E-4EE7-8689-E0E221FAEE4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B795D14-8B41-4BF9-A1A8-9A561705BD3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AE4936FE-F1F3-49E9-92AD-45D375541D50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

06-05-2016 04:09:12 Windows Update
11-05-2016 03:37:14 Windows Update
18-05-2016 05:13:59 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2016 03:07:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/19/2016 03:52:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/18/2016 05:14:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/13/2016 05:06:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/12/2016 02:09:40 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/11/2016 03:37:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/06/2016 04:09:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/06/2016 04:09:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/05/2016 03:31:58 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (04/30/2016 08:15:45 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

System errors:
=============
Error: (05/24/2016 06:17:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (05/24/2016 12:40:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2016 12:40:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/24/2016 12:40:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The novaPDF Server service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2016 12:40:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cloud Station Drive VSS Service x64 service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2016 12:40:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2016 12:40:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2016 12:40:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/24/2016 12:34:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2016 12:34:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 18%
Total physical RAM: 32630 MB
Available physical RAM: 26511.52 MB
Total Virtual: 37494 MB
Available Virtual: 32017.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:151.81 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:905.61 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

#6 Příspěvek od **altrok** » 24 kvě 2016 21:55

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

na plose bude ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\newadvsplash.dll
File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\System.dll
File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\registry.dll
Folder: C:\Program Files (x86)\Plsesh
File: C:\Program Files (x86)\Plsesh\plscmmService.exe
File: C:\Program Files (x86)\Plsesh\plscmmTask.exe
Folder: C:\Program Files (x86)\Hqationqwich
Folder: C:\Program Files (x86)\Druigh
Task: {450C21AD-DD69-42D7-8A63-8C5E95824685} - System32\Tasks\Plsesh Community => C:\Program Files (x86)\Plsesh\plscmmTask.exe [2016-05-23] () <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
End

imicro · #7 Příspěvek od **imicro** » 25 kvě 2016 08:35

Fix result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by Tom (2016-05-25 09:33:27) Run:1
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\newadvsplash.dll
File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\System.dll
File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\registry.dll
Folder: C:\Program Files (x86)\Plsesh
File: C:\Program Files (x86)\Plsesh\plscmmService.exe
File: C:\Program Files (x86)\Plsesh\plscmmTask.exe
Folder: C:\Program Files (x86)\Hqationqwich
Folder: C:\Program Files (x86)\Druigh
Task: {450C21AD-DD69-42D7-8A63-8C5E95824685} - System32\Tasks\Plsesh Community => C:\Program Files (x86)\Plsesh\plscmmTask.exe [2016-05-23] () <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA.job => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
End
*****************

========================= File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\newadvsplash.dll ========================

====== End of File: ======

========================= File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\System.dll ========================

====== End of File: ======

========================= File: C:\Users\Tom\AppData\Local\Temp\nsg37A6.tmp\registry.dll ========================

====== End of File: ======

========================= Folder: C:\Program Files (x86)\Plsesh ========================

2016-05-24 09:32 - 2016-05-23 08:51 - 0985752 _____ () C:\Program Files (x86)\Plsesh\plscmmService.exe
2016-05-24 09:32 - 2016-05-23 08:51 - 0325784 _____ () C:\Program Files (x86)\Plsesh\plscmmTask.exe

====== End of Folder: ======

========================= File: C:\Program Files (x86)\Plsesh\plscmmService.exe ========================

====== End of File: ======

========================= File: C:\Program Files (x86)\Plsesh\plscmmTask.exe ========================

====== End of File: ======

========================= Folder: C:\Program Files (x86)\Hqationqwich ========================

2016-05-25 08:32 - 2016-05-25 08:32 - 0001432 _____ () C:\Program Files (x86)\Hqationqwich\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
2016-05-25 08:32 - 2016-04-25 05:31 - 0690144 _____ (Tencent) C:\Program Files (x86)\Hqationqwich\BrowserUpdate.exe71523140
2016-05-25 08:32 - 2016-05-23 06:08 - 0338960 _____ () C:\Program Files (x86)\Hqationqwich\chrome_elf.dll71523140
2016-05-25 08:32 - 2016-05-23 05:00 - 1031096 _____ (TSvr) C:\Program Files (x86)\Hqationqwich\ihpul.exe
2016-05-25 08:32 - 2016-05-25 07:02 - 0283664 _____ (org) C:\Program Files (x86)\Hqationqwich\qks.exe
2016-05-25 08:32 - 2016-05-25 07:02 - 0204848 _____ (Winzip) C:\Program Files (x86)\Hqationqwich\winzipper.exe
2016-05-25 08:32 - 2016-05-24 04:50 - 0216760 _____ (WFini LIMITED) C:\Program Files (x86)\Hqationqwich\wpm.exe

====== End of Folder: ======

========================= Folder: C:\Program Files (x86)\Druigh ========================

====== End of Folder: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{450C21AD-DD69-42D7-8A63-8C5E95824685}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{450C21AD-DD69-42D7-8A63-8C5E95824685}" => key removed successfully
C:\Windows\System32\Tasks\Plsesh Community => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plsesh Community" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA.job => moved successfully

==== End of Fixlog 09:33:30 ====

#8 Příspěvek od **altrok** » 25 kvě 2016 13:05

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

na plose bude ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
ListPermissions: C:\Program Files (x86)\Plsesh
ListPermissions: C:\Program Files (x86)\Plsesh\plscmmTask.exe
ListPermissions: C:\Program Files (x86)\Plsesh\plscmmService.exe
End

imicro · #9 Příspěvek od **imicro** » 25 kvě 2016 13:19

Fix result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by Tom (2016-05-25 14:17:42) Run:2
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
ListPermissions: C:\Program Files (x86)\Plsesh
ListPermissions: C:\Program Files (x86)\Plsesh\plscmmTask.exe
ListPermissions: C:\Program Files (x86)\Plsesh\plscmmService.exe
End

*****************

===================================
permissions of "C:\Program Files (x86)\Plsesh":

Owner: BUILTIN\Administrators

DACL(AI):

NT SERVICE\TrustedInstaller ALLOW FULL (I)
NT SERVICE\TrustedInstaller ALLOW FULL (CI-I-OI)
NT AUTHORITY\SYSTEM ALLOW FULL (I)
NT AUTHORITY\SYSTEM ALLOW FULL (OI-CI-I-OI)
BUILTIN\Administrators ALLOW FULL (I)
BUILTIN\Administrators ALLOW FULL (OI-CI-I-OI)
BUILTIN\Users ALLOW READ/EXECUTE (I)
BUILTIN\Users ALLOW READ/EXECUTE (OI-CI-I-OI)
CREATOR OWNER ALLOW FULL (OI-CI-I-OI)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES ALLOW READ/EXECUTE (I)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES ALLOW READ/EXECUTE (OI-CI-I-OI)

===================================
===================================
permissions of "C:\Program Files (x86)\Plsesh\plscmmTask.exe":

Owner: BUILTIN\Administrators

DACL(AI):

NT AUTHORITY\SYSTEM ALLOW FULL (I)
BUILTIN\Administrators ALLOW FULL (I)
BUILTIN\Users ALLOW READ/EXECUTE (I)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES ALLOW READ/EXECUTE (I)

===================================
===================================
permissions of "C:\Program Files (x86)\Plsesh\plscmmService.exe":

Owner: BUILTIN\Administrators

DACL(AI):

NT AUTHORITY\SYSTEM ALLOW FULL (I)
BUILTIN\Administrators ALLOW FULL (I)
BUILTIN\Users ALLOW READ/EXECUTE (I)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES ALLOW READ/EXECUTE (I)

===================================

==== End of Fixlog 14:17:42 ====

#10 Příspěvek od **altrok** » 25 kvě 2016 13:43

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

na plose bude ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
Unlock: C:\Program Files (x86)\Plsesh
ListPermissions: C:\Program Files (x86)\Plsesh
ListPermissions: C:\Program Files (x86)\Plsesh\plscmmTask.exe
File: C:\Program Files (x86)\Plsesh\plscmmTask.exe
File: C:\Program Files (x86)\Plsesh\plscmmService.exe
End

imicro · #11 Příspěvek od **imicro** » 25 kvě 2016 13:55

Fix result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by Tom (2016-05-25 14:53:48) Run:3
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Unlock: C:\Program Files (x86)\Plsesh
ListPermissions: C:\Program Files (x86)\Plsesh
ListPermissions: C:\Program Files (x86)\Plsesh\plscmmTask.exe
File: C:\Program Files (x86)\Plsesh\plscmmTask.exe
File: C:\Program Files (x86)\Plsesh\plscmmService.exe
End
*****************

"C:\Program Files (x86)\Plsesh" => was unlocked
===================================
permissions of "C:\Program Files (x86)\Plsesh":

Owner: EVERYONE

DACL(PAI):

EVERYONE ALLOW FULL (NI)

===================================
===================================
permissions of "C:\Program Files (x86)\Plsesh\plscmmTask.exe":

Owner: EVERYONE

DACL(PAI):

EVERYONE ALLOW FULL (NI)

===================================

========================= File: C:\Program Files (x86)\Plsesh\plscmmTask.exe ========================

====== End of File: ======

========================= File: C:\Program Files (x86)\Plsesh\plscmmService.exe ========================

====== End of File: ======

==== End of Fixlog 14:53:50 ====

#12 Příspěvek od **altrok** » 25 kvě 2016 14:26

Restartujte PC, pote spustte FRST jako spravce (klik pravym - Spustit jako spravce).

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
ve spustenem FRST kliknete na Fix

na plose bude ulozen fixlog, jehoz obsah vlozte do pristi odpovedi

Kód: Vybrat vše

Start
Folder: C:\Program Files (x86)\Plsesh
File: C:\Program Files (x86)\Plsesh\plscmmService.exe
End

imicro · #13 Příspěvek od **imicro** » 25 kvě 2016 14:48

Fix result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by Tom (2016-05-25 15:47:21) Run:4
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
Folder: C:\Program Files (x86)\Plsesh
File: C:\Program Files (x86)\Plsesh\plscmmService.exe
End
*****************

========================= Folder: C:\Program Files (x86)\Plsesh ========================

2016-05-24 09:32 - 2016-05-23 08:51 - 0985752 _____ () C:\Program Files (x86)\Plsesh\plscmmService.exe
2016-05-24 09:32 - 2016-05-23 08:51 - 0325784 _____ () C:\Program Files (x86)\Plsesh\plscmmTask.exe

====== End of Folder: ======

========================= File: C:\Program Files (x86)\Plsesh\plscmmService.exe ========================

====== End of File: ======

==== End of Fixlog 15:47:23 ====

#14 Příspěvek od **altrok** » 25 kvě 2016 14:59

Slozky

C:\Program Files (x86)\Plsesh
C:\Program Files (x86)\Hqationqwich

zabalte do zipu/raru a uploadnete na leteckaposta.cz - link (odkaz) ke stazeni vlozte do pristi odpovedi.

imicro · #15 Příspěvek od **imicro** » 25 kvě 2016 15:09

Link:

hxxp://leteckaposta.cz/xxxx

VIRY.CZ

Prosím o kontrolu

Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu

Re: Prosím o kontrolu