
Please check

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#16 Post by altrok »

Thank you for the sample.

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • a fixlog will be saved on the desktop; paste its contents into your next reply

    Start
    CMD: sc stop plscmmService
    DisableService: plscmmService
    File: C:\Program Files (x86)\Plsesh\plscmmService.exe
    End

If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suited to the forum, you can use altrok[at]forum.viry.cz
If you would like to help visitors of this forum, sign up for our training school.

imicro
Visitor
Posts: 83
Registered: 08 Jan 2008 16:28

Re: Please check

#17 Post by imicro »

Fix result of Farbar Recovery Scan Tool (x64) Version:24-05-2016 01
Ran by Tom (2016-05-25 16:26:49) Run:5
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CMD: sc stop plscmmService
DisableService: plscmmService
File: C:\Program Files (x86)\Plsesh\plscmmService.exe
End
*****************


========= sc stop plscmmService =========

[SC] ControlService FAILED 1062:

The service has not been started.


========= End of CMD: =========

plscmmService => service was disabled

========================= File: C:\Program Files (x86)\Plsesh\plscmmService.exe ========================

====== End of File: ======


==== End of Fixlog 16:26:50 ====

altrok
Moderator

Re: Please check

#18 Post by altrok »

Delete FRST64.exe and download a new one from http://www.bleepingcomputer.com/downloa ... scan-tool/

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Start
    CreateRestorePoint:
    CloseProcesses:
    File: C:\Program Files (x86)\Plsesh\plscmmService.exe
    File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    File: C:\Users\Tom\Desktop\New Text Document.txt
    HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [DAEMON Tools Lite] => D:\_Tom\Programy\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
    HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\MountPoints2: {5fd9a1aa-7b57-11e5-826f-d8cb8a1b0d5f} - "E:\AutoRun.exe" "1, EndNote X7, Thomson Reuters Scientific LLC."
    FF NewTab: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?t ... mode=loadm
    FF Homepage: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?t ... mode=loadm
    FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\searchplugins\7ell96dl.xml [2016-05-24]
    FF Extension: LyZ - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\lyz@zotero.org [2016-05-17]
    FF Extension: Zotero - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\zotero@chnm.gmu.edu.xpi [2016-05-17]
    FF Extension: GsearchFinder - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-23]
    FF Extension: LyZ - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\lyz@zotero.org [2016-05-24]
    FF Extension: Zotero - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\zotero@chnm.gmu.edu.xpi [2016-05-17]
    CHR HomePage: ChromeDefaultData -> hxxp://www.seznam.cz/?clid=13415
    CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-
    CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxy0q4qOqRPdLMQ5814Ip_0Bcs96ceKxOJ3yAx3ac2A20wh1BTmHSKoac3d5DU0PKrFavIAzFxl1cPGixbg440pQsLkCnd8sKH-Ln2Ju87vPmwn5rVbntl2zC3PO29IJVaQ5afAlJNtFeJI,","hxxp://www.google.com/","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB30rBH4pAE..&v=20160523&uid=8433E0C8B37649B0FF113F746EA3FC2A&ptid=epf1&mode=loadm"
    S2 plscmmService; C:\Program Files (x86)\Plsesh\plscmmService.exe [985752 2016-05-23] ()
    2016-05-24 15:50 - 2016-05-24 15:50 - 00000000 ____D C:\Program Files\trend micro
    File: C:\Windows\system32\winlogon.exe
    File: C:\Windows\explorer.exe
    EmptyTemp:
    End

imicro
Visitor

Re: Please check

#19 Post by imicro »

Fix result of Farbar Recovery Scan Tool (x64) Version:25-05-2016
Ran by Tom (2016-05-25 17:08:27) Run:6
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
File: C:\Program Files (x86)\Plsesh\plscmmService.exe
File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
File: C:\Users\Tom\Desktop\New Text Document.txt
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [DAEMON Tools Lite] => D:\_Tom\Programy\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\MountPoints2: {5fd9a1aa-7b57-11e5-826f-d8cb8a1b0d5f} - "E:\AutoRun.exe" "1, EndNote X7, Thomson Reuters Scientific LLC."
FF NewTab: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?t ... mode=loadm
FF Homepage: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?t ... mode=loadm
FF SearchPlugin: C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\searchplugins\7ell96dl.xml [2016-05-24]
FF Extension: LyZ - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\lyz@zotero.org [2016-05-17]
FF Extension: Zotero - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\zotero@chnm.gmu.edu.xpi [2016-05-17]
FF Extension: GsearchFinder - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-23]
FF Extension: LyZ - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\lyz@zotero.org [2016-05-24]
FF Extension: Zotero - C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\zotero@chnm.gmu.edu.xpi [2016-05-17]
CHR HomePage: ChromeDefaultData -> hxxp://www.seznam.cz/?clid=13415
CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-
CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxy0q4qOqRPdLMQ5814Ip_0Bcs96ceKxOJ3yAx3ac2A20wh1BTmHSKoac3d5DU0PKrFavIAzFxl1cPGixbg440pQsLkCnd8sKH-Ln2Ju87vPmwn5rVbntl2zC3PO29IJVaQ5afAlJNtFeJI,","hxxp://www.google.com/","hxxp://d2ucfwpxlh3zh3 ... mode=loadm"
S2 plscmmService; C:\Program Files (x86)\Plsesh\plscmmService.exe [985752 2016-05-23] ()
2016-05-24 15:50 - 2016-05-24 15:50 - 00000000 ____D C:\Program Files\trend micro
File: C:\Windows\system32\winlogon.exe
File: C:\Windows\explorer.exe
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Program Files (x86)\Plsesh\plscmmService.exe ========================

File is digitally signed
MD5: 4EED464193CBE5C5C05944514D5344CA
Creation and modification date: 2016-05-24 09:32 - 2016-05-23 08:51
Size: 0985752
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= File: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk ========================

File not signed
MD5: 2D17267C1B2A9B4896558A56EF699634
Creation and modification date: 2015-09-03 09:01 - 2016-05-20 14:14
Size: 0002457
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


========================= File: C:\Users\Tom\Desktop\New Text Document.txt ========================

File not signed
MD5: DD252ED978AAD345809A49EDF557EBE5
Creation and modification date: 2016-05-17 15:59 - 2016-05-17 15:59
Size: 0000054
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
"HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5fd9a1aa-7b57-11e5-826f-d8cb8a1b0d5f}" => key removed successfully
HKCR\CLSID\{5fd9a1aa-7b57-11e5-826f-d8cb8a1b0d5f} => key not found.
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\searchplugins\7ell96dl.xml => moved successfully
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\lyz@zotero.org => moved successfully
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\lyz@zotero.org => path removed successfully
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\zotero@chnm.gmu.edu.xpi => moved successfully
C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\zotero@chnm.gmu.edu.xpi => path removed successfully
C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi => moved successfully
C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\lyz@zotero.org => moved successfully
C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default\Extensions\zotero@chnm.gmu.edu.xpi => moved successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome StartupUrls => not found.
plscmmService => service removed successfully
C:\Program Files\trend micro => moved successfully

========================= File: C:\Windows\system32\winlogon.exe ========================

File is digitally signed
MD5: B1102BBDDD9C87B3D609D6C08F7A3DBD
Creation and modification date: 2016-03-09 03:55 - 2016-01-05 17:00
Size: 0570880
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: winlogon
Original Name: WINLOGON.EXE
Product: Microsoft® Windows® Operating System
Description: Windows Logon Application
File Version: 6.3.9600.18188 (winblue_ltsb.160105-0600)
Product Version: 6.3.9600.18188
Copyright: © Microsoft Corporation. All rights reserved.

====== End of File: ======


========================= File: C:\Windows\explorer.exe ========================

File is digitally signed
MD5: B3541A5A20C6264781909B1B7FE54836
Creation and modification date: 2016-04-13 08:13 - 2016-02-09 03:31
Size: 2757616
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: explorer
Original Name: EXPLORER.EXE
Product: Microsoft® Windows® Operating System
Description: Windows Explorer
File Version: 6.3.9600.18231 (winblue_ltsb.160208-0600)
Product Version: 6.3.9600.18231
Copyright: © Microsoft Corporation. All rights reserved.

====== End of File: ======

EmptyTemp: => 771.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:08:38 ====

altrok
Moderator

Re: Please check

#20 Post by altrok »

Please post new FRST.txt and Addition.txt logs - http://forum.viry.cz/viewtopic.php?f=30&t=133101
Note: on the second and any later run of FRST, the Addition.txt log is only created if you explicitly tick this option before starting the scan.

imicro
Visitor

Re: Please check

#21 Post by imicro »

FRST LOG:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016
Ran by Tom (administrator) on TS (25-05-2016 17:13:17)
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
(Winziper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(tsvr.com) C:\Users\Tom\AppData\Roaming\TSv\TSvr.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WFini LIMITED) C:\ProgramData\dwinpd\WFini.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [Google Update] => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-03] (Google Inc.)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-05-25]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2130369096-4029822526-2213145148-1001] => hxxp://unstops.biz/wpad.dat?4b90964ce06f5435cc00b0d76733567e10512187
Tcpip\Parameters: [DhcpNameServer] 147.229.37.10 147.229.37.11
Tcpip\..\Interfaces\{D30EDFC4-97BF-4971-920E-791A55E6BDC5}: [DhcpNameServer] 147.229.37.10 147.229.37.11
ManualProxies: 0hxxp://unstops.biz/wpad.dat?4b90964ce06f5435cc00b0d76733567e10512187

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2130369096-4029822526-2213145148-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2130369096-4029822526-2213145148-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\lyz@zotero.org [not found]
FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\zotero@chnm.gmu.edu.xpi [not found]
StartMenuInternet: FIREFOX.EXE - D:\_Tom\Programy\Mozilla\firefox.exe

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.seznam.cz/?clid=13415
CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxy0q4qOqRPdLMQ5814Ip_0Bcs96ceKxOJ3yAx3ac2A20wh1BTmHSKoac3d5DU0PKrFavIAzFxl1cPGixbg440pQsLkCnd8sKH-Ln2Ju87vPmwn5rVbntl2zC3PO29IJVaQ5afAlJNtFeJI,","hxxp://www.google.com/","hxxp://d2ucfwpxlh3zh3 ... mode=loadm"
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287240 2016-03-16] ()
S3 Disc Soft Lite Bus Service; D:\_Tom\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 IhPul; C:\Users\Tom\AppData\Roaming\TSv\TSvr.exe [475416 2016-05-23] (tsvr.com)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [41760 2015-07-14] (Microsoft)
R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [764432 2016-05-24] (Qksee Pvt Ltd.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R2 WdMan; C:\ProgramData\dwinpd\WFini.exe [216760 2016-05-24] (WFini LIMITED)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1068112 2016-05-25] (Winziper Pvt Ltd.) <==== ATTENTION

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-10-29] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-24] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 16:07 - 2016-05-25 16:07 - 01947195 _____ C:\Users\Tom\Desktop\Viry_forum.zip
2016-05-25 09:33 - 2016-05-25 17:08 - 00007258 _____ C:\Users\Tom\Desktop\Fixlog.txt
2016-05-25 08:33 - 2016-05-25 17:12 - 00000000 ____D C:\Program Files (x86)\qksee
2016-05-25 08:33 - 2016-05-25 08:33 - 00000000 ____D C:\Users\Tom\AppData\Roaming\qksee
2016-05-25 08:33 - 2016-05-25 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
2016-05-25 08:32 - 2016-05-25 17:12 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-05-25 08:32 - 2016-05-25 17:09 - 00000001 _____ C:\Windows\SysWOW64\en.html
2016-05-25 08:32 - 2016-05-25 08:32 - 00009326 _____ C:\Windows\System32\Tasks\Browser Updater Task(Core)
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\WinZiper
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TSv
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\eCyber
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\ProgramData\dwinpd
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Program Files (x86)\QQBrowser
2016-05-24 22:45 - 2016-05-25 17:13 - 00013994 _____ C:\Users\Tom\Desktop\FRST.txt
2016-05-24 22:45 - 2016-05-24 22:45 - 00036879 _____ C:\Users\Tom\Desktop\Addition.txt
2016-05-24 22:44 - 2016-05-25 17:13 - 00000000 ____D C:\FRST
2016-05-24 22:43 - 2016-05-25 17:07 - 02382848 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2016-05-24 18:34 - 2016-05-24 18:34 - 00006930 _____ C:\Users\Tom\Desktop\rk_F965.tmp.txt
2016-05-24 18:34 - 2016-05-24 18:34 - 00006928 _____ C:\Users\Tom\Desktop\Viry forum.txt
2016-05-24 18:17 - 2016-05-24 18:17 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-24 18:16 - 2016-05-24 18:16 - 19867720 _____ C:\Users\Tom\Desktop\RogueKiller.exe
2016-05-24 18:16 - 2016-05-24 18:16 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-24 15:50 - 2016-05-24 15:50 - 00000000 ____D C:\rsit
2016-05-24 12:31 - 2016-05-24 12:40 - 00000000 ____D C:\AdwCleaner
2016-05-24 10:41 - 2016-05-24 10:41 - 00007605 _____ C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2016-05-24 09:32 - 2016-05-25 15:45 - 00000000 ____D C:\Program Files (x86)\Hqationqwich
2016-05-24 09:32 - 2016-05-24 11:20 - 00000000 ____D C:\Program Files (x86)\Druigh
2016-05-24 09:32 - 2016-05-24 09:32 - 00000000 ____D C:\Program Files (x86)\Plsesh
2016-05-17 15:59 - 2016-05-17 15:59 - 00000054 _____ C:\Users\Tom\Desktop\New Text Document.txt
2016-05-16 11:14 - 2016-05-25 15:45 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Thunderbird
2016-05-14 11:36 - 2016-05-14 11:36 - 00000517 _____ C:\Users\Tom\Desktop\dhl.txt
2016-05-11 06:13 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 06:13 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 06:13 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 06:13 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 06:13 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 06:13 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 06:13 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 06:13 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 06:13 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-05-11 06:13 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 06:13 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 06:13 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 06:13 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 06:13 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 06:13 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 06:13 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 06:13 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 06:13 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-05-11 06:13 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 06:13 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 06:13 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 06:13 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 06:13 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 06:13 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 06:13 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 06:13 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 06:13 - 2016-04-11 08:21 - 00074584 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-05-11 06:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 06:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 06:13 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 06:13 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 06:13 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 06:13 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 06:13 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 06:13 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 06:13 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-11 06:13 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-11 06:13 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-05-11 06:13 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 06:13 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 06:13 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 06:13 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 06:13 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 06:13 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 06:13 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 06:13 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 06:13 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 06:13 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 06:13 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 06:13 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 06:13 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 06:13 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 06:13 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 06:13 - 2016-03-14 18:50 - 00316760 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-05-11 06:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-05-11 06:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2016-05-11 06:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2016-05-11 06:13 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dsparse.dll
2016-05-11 06:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-11 06:13 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-05-11 06:13 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsparse.dll
2016-05-11 06:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-11 06:13 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-05-11 06:13 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-05-11 06:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-05-11 06:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-05-11 06:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-05-11 06:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-04-28 10:50 - 2016-04-28 16:17 - 01421312 _____ C:\Users\Tom\Desktop\Untitled-1.indd
2016-04-28 10:50 - 2016-04-28 16:17 - 00064133 _____ C:\Users\Tom\Desktop\Untitled-1.pdf
2016-04-25 14:11 - 2016-04-25 14:12 - 00000814 _____ C:\Users\Tom\Desktop\seznam IP adres_25_4_2016.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 17:09 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-25 15:51 - 2013-09-30 06:20 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-25 15:51 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-05-25 14:16 - 2016-02-12 13:49 - 00000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2016-05-25 09:40 - 2015-09-03 08:49 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2130369096-4029822526-2213145148-1001
2016-05-24 15:58 - 2015-09-03 08:38 - 00000000 ____D C:\Users\Tom\AppData\Local\Packages
2016-05-24 12:34 - 2016-03-03 12:47 - 00000700 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-24 12:34 - 2016-03-03 12:47 - 00000700 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00001207 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00001199 _____ C:\Users\Tom\Desktop\Google Chrome.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome
2016-05-24 12:34 - 2015-09-03 08:38 - 00000995 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 12:34 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-05-24 10:42 - 2016-03-02 16:37 - 00000000 ____D C:\Users\Tom\AppData\Local\CloudStation
2016-05-22 14:54 - 2015-09-03 08:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-20 14:14 - 2015-09-03 09:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-19 17:01 - 2015-10-20 15:40 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Skype
2016-05-19 09:52 - 2015-12-28 23:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-18 02:52 - 2015-12-04 20:55 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-18 02:52 - 2015-12-04 20:55 - 00000971 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-15 03:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-05-14 11:38 - 2013-08-22 16:44 - 05323568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-14 11:37 - 2015-09-09 13:48 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-14 11:37 - 2013-09-30 05:56 - 00000000 ____D C:\Windows\system32\Drivers\en-GB
2016-05-14 03:15 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-05-12 02:13 - 2015-09-07 09:23 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 02:13 - 2013-09-30 06:01 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 02:10 - 2015-09-07 09:23 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-12 02:10 - 2015-09-03 08:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-12 02:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-05-12 02:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-05-11 22:08 - 2013-08-22 17:38 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 22:08 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 06:13 - 2016-04-13 08:13 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 06:13 - 2016-04-13 08:13 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 06:13 - 2016-04-13 08:13 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-05-11 06:13 - 2016-04-13 08:13 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 06:13 - 2016-04-13 08:13 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 06:13 - 2016-04-13 08:13 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-05-11 06:13 - 2016-04-13 08:13 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-05-11 03:38 - 2013-08-22 15:25 - 00000167 _____ C:\Windows\win.ini
2016-05-11 01:23 - 2015-09-03 09:03 - 00003922 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 01:23 - 2015-09-03 09:03 - 00003686 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 23:07 - 2015-09-03 08:46 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA
2016-05-10 23:07 - 2015-09-03 08:46 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core
2016-05-10 15:01 - 2015-09-03 09:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-07 04:29 - 2015-09-09 13:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-07 04:29 - 2015-09-09 13:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-03 17:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-02 13:41 - 2016-04-11 09:48 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-04-30 19:33 - 2015-10-20 15:40 - 00000000 ____D C:\ProgramData\Skype
2016-04-29 08:12 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-29 08:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-04-27 08:24 - 2015-09-03 09:03 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2015-09-17 10:42 - 2015-09-17 10:45 - 0006842 _____ () C:\Users\Tom\AppData\Local\DTP Cloud Log.txt
2016-02-11 15:44 - 2016-02-11 15:44 - 0000723 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2016-05-24 10:41 - 2016-05-24 10:41 - 0007605 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-22 05:08

==================== End of FRST.txt ============================

ADDITION LOG:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016
Ran by Tom (2016-05-25 17:13:31)
Running from C:\Users\Tom\Desktop
Windows 8.1 Pro (Update) (X64) (2015-09-03 06:38:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2130369096-4029822526-2213145148-500 - Administrator - Disabled)
Guest (S-1-5-21-2130369096-4029822526-2213145148-501 - Limited - Disabled)
Tom (S-1-5-21-2130369096-4029822526-2213145148-1001 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.1.0.421 - Adobe Systems Incorporated)
Apollo 2015.2.0 (HKLM-x32\...\Apollo - Informační Centrum VUT_is1) (Version: - CVIS, VUT v Brně)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Daniel's XL Toolbox 6.60 (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1) (Version: - Daniel Kraus)
doPDF (Version: 8.3.934 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{0ebed438-cc81-46f7-914b-a4c93d5780f2}) (Version: 8.3.934 - Softland)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Genymotion version 2.5.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.2 - Genymobile)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Chrome (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Google Chrome) (Version: 50.0.2661.102 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
LyX 2.1.4 (HKLM-x32\...\LyX214) (Version: 2.1.4 - LyX Team)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 44.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 cs)) (Version: 44.0.2 - Mozilla)
Mozilla Firefox 45.0.1 (x86 cs) (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Mozilla Firefox 45.0.1 (x86 cs)) (Version: 45.0.1 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{0A1F1D6B-9780-4316-9902-437E9449FC7C}) (Version: 8.3.934 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{6E283717-7B3F-4E26-9D0A-917933ACF199}) (Version: 8.3.934 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{1CC99933-93FC-40BA-A3DD-286FB87CBF2F}) (Version: 8.3.934 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{A8A71610-DE04-4C9E-AE89-60BCA8E20453}) (Version: 8.3.934 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{0FD5EC80-F729-442E-8745-F60315842D9B}) (Version: 8.3.934 - Softland)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
qksee (HKLM-x32\...\qksee) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.43.1001.2015 - Realtek)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SigmaPlot 11.0 (HKLM-x32\...\{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}) (Version: 11.0 - Systat Software, Inc.)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Synology Cloud Station Drive (HKLM-x32\...\{1654A7C6-25A5-4BED-AABE-8A03E6BD3986}) (Version: 4.0.4203 - Synology)
TableCurve 2D v5.01 (HKLM-x32\...\TableCurve 2D v5.01) (Version: - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{C224EEBF-D40A-4056-9DD3-EE74666F74AB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.0 - Winzipper Pvt Ltd.) <==== ATTENTION
Zotero Standalone 4.0.28.7 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.28.7 (x86 en-US)) (Version: 4.0.28.7 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E5052F4-BA24-4BC4-BB0C-B6FA92CF781E} - System32\Tasks\Wake From Sleep => C:\Program Files (x86)\TeamViewer\TeamViewer.exe [2016-05-12] (TeamViewer GmbH)
Task: {0F0A52B0-3DB7-4690-BB55-E833E8F5124F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {13EAA7FB-2D9D-470E-97B3-DCB14E250383} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-07-14] ()
Task: {288FC7AA-4E0E-4FED-B9C2-9AD31D2F080A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {3EADF9BD-EA38-4800-A860-E84FF14988D9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {6163E9DC-3105-4775-B870-A92823CC6E40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {6DEDC162-0A17-4EED-A335-CC07D386E643} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {90ADB01F-5DED-4822-9543-06E94BCD27E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {9BFD7276-ED51-4A92-8420-E29C8C55B7A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {C51EEA82-C135-4D94-BED7-2DF8FC877B52} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {DAD841C9-B212-4EF7-AD83-9823DBABE5EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-12] (Microsoft Corporation)
Task: {F008685D-4469-4A7E-86D3-D2408ACBC7ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F3632A33-C765-42A3-9736-777888104149} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\8433E0C8B37649B0FF113F746EA3FC2A\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-16 19:47 - 2016-03-16 19:47 - 00287240 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2015-07-14 12:34 - 2015-07-14 12:34 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2015-07-14 12:34 - 2015-07-14 12:34 - 00052512 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2015-07-14 12:34 - 2015-07-14 12:34 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01249280 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\ContextMenu.dll
2016-05-25 08:33 - 2016-02-15 04:21 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
2016-05-25 08:33 - 2016-05-24 04:09 - 00062992 _____ () C:\Program Files (x86)\qksee\zlib1.dll
2016-05-25 08:32 - 2015-12-30 07:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2016-05-25 08:32 - 2016-01-26 10:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
2016-05-25 17:09 - 2016-05-25 17:09 - 00098816 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32api.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00110080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\pywintypes27.dll
2016-05-25 17:09 - 2016-05-25 17:09 - 00364544 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\pythoncom27.dll
2016-05-25 17:09 - 2016-05-25 17:09 - 00320512 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32com.shell.shell.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00776704 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\_hashlib.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 01176576 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\wx._core_.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00806400 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\wx._gdi_.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00816128 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\wx._windows_.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 01067008 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\wx._controls_.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00733184 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\wx._misc_.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00682496 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\pysqlite2._sqlite.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00088064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\_ctypes.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00119808 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32file.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00108544 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32security.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00007168 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\hashobjs_ext.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00017920 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\thumbnails_ext.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00088064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\usb_ext.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00167936 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32gui.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00018432 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32event.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00046080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\_socket.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 01208320 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\_ssl.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00128512 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\_elementtree.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00127488 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\pyexpat.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00012288 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\common.time34.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00038912 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32inet.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00036864 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\_psutil_windows.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00525208 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\windows._lib_cacheinvalidation.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00011264 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32crypt.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00077312 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\wx._html2.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00027136 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\_multiprocessing.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00020480 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\_yappi.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00035840 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32process.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00686080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\unicodedata.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00078848 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\wx._animate.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00123392 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\wx._wizard.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00024064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32pipe.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00010240 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\select.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00025600 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32pdh.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00017408 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32profile.pyd
2016-05-25 17:09 - 2016-05-25 17:09 - 00022528 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI31402\win32ts.pyd
2016-04-19 16:41 - 2016-04-19 16:41 - 00123918 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01026062 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00524460 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 03036430 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01798570 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00115214 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 03095505 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 21565192 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00712704 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00031744 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00046080 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00032768 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00516608 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00243200 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00431616 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
2016-05-13 01:12 - 2016-05-11 13:48 - 01738904 _____ () C:\Users\Tom\AppData\Local\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 01:12 - 2016-05-11 13:48 - 00086168 _____ () C:\Users\Tom\AppData\Local\Google\Chrome\Application\50.0.2661.102\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 147.229.37.10 - 147.229.37.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: SwitchBoard => 3
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{87369E74-CCEB-4B90-A9D4-22DC1DD12163}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8DDE4C7D-6A13-43AE-B4FD-7A4272D17094}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{978F776B-6CDA-4BAE-B178-8AE08BB99774}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EAC00440-267F-4511-B6EB-A7BBE2BF1278}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F6CFA9B0-C1D2-477D-9481-DF32777F33C0}] => (Allow) LPort=8501
FirewallRules: [{F9B729B9-CC68-4F91-9E19-9ADDA42F57FC}] => (Allow) LPort=8501
FirewallRules: [{DF018E53-FEFE-4F65-8A7A-96D15FE871C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F71B25DC-8643-49C8-AE9E-0DFA88A1DEC2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5EE3DEC3-9790-42B2-9BA9-ED248D1A9C23}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A8BCD122-23B5-4701-BC0C-D6B74F2775F4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{F248EC43-80A8-4D78-9828-4F6A926ADD84}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AAD5C9EE-757A-41BB-8121-DDCB74440F7F}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{73F470E3-BFB3-4539-8B53-8DDB25E0FFB4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3B4B29B-862F-479F-8A1B-C9900D811817}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4C0A44A1-0B7D-4112-AF32-DE8DFC76DBF6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9EE2DF36-CD16-454E-846D-9535F14B090F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{078EC3CE-1F3E-40ED-B850-A1564D6501E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{68909BC6-1D3D-40E6-914A-1A35D3B027E0}D:\_tom\hs\hearthstone\hearthstone.exe] => (Allow) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{78FB3809-555E-457C-B44A-27490B47DF89}D:\_tom\hs\hearthstone\hearthstone.exe] => (Allow) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{12FE973F-DA71-42BE-8384-478FB90CEB98}] => (Block) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{3D891F1F-31FC-4C53-91C6-F44B658EFF75}] => (Block) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{63AFEE85-04E9-4D5D-87C5-527DCE38D9BD}] => (Allow) D:\_Tom\Programy\Mozilla\firefox.exe
FirewallRules: [{1E2DE8F6-00BE-4A98-985B-49EED3036B6A}] => (Allow) D:\_Tom\Programy\Mozilla\firefox.exe
FirewallRules: [TCP Query User{E4ABEE25-75C0-483A-8D4A-09CD12F4A44F}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{05F4C41E-39C9-4B77-96AC-060216858EC4}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{6670D738-F151-46BB-BBE6-93234B2EDC94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7EEF886B-821E-4EE7-8689-E0E221FAEE4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B795D14-8B41-4BF9-A1A8-9A561705BD3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AE4936FE-F1F3-49E9-92AD-45D375541D50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

11-05-2016 03:37:14 Windows Update
18-05-2016 05:13:59 Scheduled Checkpoint
25-05-2016 17:08:30 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2016 05:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/25/2016 05:08:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0e1768d7-a7a2-4e8e-a619-30135fdb779a}

Error: (05/20/2016 03:07:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/19/2016 03:52:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/18/2016 05:14:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/13/2016 05:06:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/12/2016 02:09:40 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/11/2016 03:37:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/06/2016 04:09:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/06/2016 04:09:10 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)


System errors:
=============
Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WFini WdMan Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 11 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The novaPDF Server service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IhPul service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WinZiper service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cloud Station Drive VSS Service x64 service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:08:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 7%
Total physical RAM: 32630 MB
Available physical RAM: 30187.37 MB
Total Virtual: 37494 MB
Available Virtual: 34663.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:152.97 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:905.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 7488BAC0)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 61AA9518)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Requesting a check

#22 Post by altrok »

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (file type: Text Document)
  • run FRST again and click Fix
  • after the restart, a fixlog will be saved on the desktop; paste its contents into your next reply

    Code:

    Start
    CreateRestorePoint:
    CloseProcesses:
    CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxy0q4qOqRPdLMQ5814Ip_0Bcs96ceKxOJ3yAx3ac2A20wh1BTmHSKoac3d5DU0PKrFavIAzFxl1cPGixbg440pQsLkCnd8sKH-Ln2Ju87vPmwn5rVbntl2zC3PO29IJVaQ5afAlJNtFeJI,","hxxp://www.google.com/","hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB30rBH4pAE..&v=20160523&uid=8433E0C8B37649B0FF113F746EA3FC2A&ptid=epf1&mode=loadm"
    R2 IhPul; C:\Users\Tom\AppData\Roaming\TSv\TSvr.exe [475416 2016-05-23] (tsvr.com)
    R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [764432 2016-05-24] (Qksee Pvt Ltd.)
    R2 WdMan; C:\ProgramData\dwinpd\WFini.exe [216760 2016-05-24] (WFini LIMITED)
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1068112 2016-05-25] (Winziper Pvt Ltd.) <==== ATTENTION
    2016-05-25 08:33 - 2016-05-25 17:12 - 00000000 ____D C:\Program Files (x86)\qksee
    2016-05-25 08:33 - 2016-05-25 08:33 - 00000000 ____D C:\Users\Tom\AppData\Roaming\qksee
    2016-05-25 08:33 - 2016-05-25 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
    2016-05-25 08:32 - 2016-05-25 17:12 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-05-25 08:32 - 2016-05-25 17:09 - 00000001 _____ C:\Windows\SysWOW64\en.html
    2016-05-25 08:32 - 2016-05-25 08:32 - 00009326 _____ C:\Windows\System32\Tasks\Browser Updater Task(Core)
    2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\WinZiper
    2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TSv
    2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\eCyber
    2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\ProgramData\dwinpd
    2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Program Files (x86)\QQBrowser
    2016-05-24 09:32 - 2016-05-25 15:45 - 00000000 ____D C:\Program Files (x86)\Hqationqwich
    2016-05-24 09:32 - 2016-05-24 11:20 - 00000000 ____D C:\Program Files (x86)\Druigh
    2016-05-24 09:32 - 2016-05-24 09:32 - 00000000 ____D C:\Program Files (x86)\Plsesh
    Task: {F3632A33-C765-42A3-9736-777888104149} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\8433E0C8B37649B0FF113F746EA3FC2A\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATTENTION
    EmptyTemp:
    End

imicro
Visitor
Posts: 83
Registered: 08 Jan 2008 16:28

Re: Requesting a check

#23 Post by imicro »

Fix result of Farbar Recovery Scan Tool (x64) Version:25-05-2016
Ran by Tom (2016-05-25 17:39:42) Run:7
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxy0q4qOqRPdLMQ5814Ip_0Bcs96ceKxOJ3yAx3ac2A20wh1BTmHSKoac3d5DU0PKrFavIAzFxl1cPGixbg440pQsLkCnd8sKH-Ln2Ju87vPmwn5rVbntl2zC3PO29IJVaQ5afAlJNtFeJI,","hxxp://www.google.com/","hxxp://d2ucfwpxlh3zh3 ... mode=loadm"
R2 IhPul; C:\Users\Tom\AppData\Roaming\TSv\TSvr.exe [475416 2016-05-23] (tsvr.com)
R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [764432 2016-05-24] (Qksee Pvt Ltd.)
R2 WdMan; C:\ProgramData\dwinpd\WFini.exe [216760 2016-05-24] (WFini LIMITED)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1068112 2016-05-25] (Winziper Pvt Ltd.) <==== ATTENTION
2016-05-25 08:33 - 2016-05-25 17:12 - 00000000 ____D C:\Program Files (x86)\qksee
2016-05-25 08:33 - 2016-05-25 08:33 - 00000000 ____D C:\Users\Tom\AppData\Roaming\qksee
2016-05-25 08:33 - 2016-05-25 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
2016-05-25 08:32 - 2016-05-25 17:12 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-05-25 08:32 - 2016-05-25 17:09 - 00000001 _____ C:\Windows\SysWOW64\en.html
2016-05-25 08:32 - 2016-05-25 08:32 - 00009326 _____ C:\Windows\System32\Tasks\Browser Updater Task(Core)
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\WinZiper
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\TSv
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Users\Tom\AppData\Roaming\eCyber
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\ProgramData\dwinpd
2016-05-25 08:32 - 2016-05-25 08:32 - 00000000 ____D C:\Program Files (x86)\QQBrowser
2016-05-24 09:32 - 2016-05-25 15:45 - 00000000 ____D C:\Program Files (x86)\Hqationqwich
2016-05-24 09:32 - 2016-05-24 11:20 - 00000000 ____D C:\Program Files (x86)\Druigh
2016-05-24 09:32 - 2016-05-24 09:32 - 00000000 ____D C:\Program Files (x86)\Plsesh
Task: {F3632A33-C765-42A3-9736-777888104149} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\8433E0C8B37649B0FF113F746EA3FC2A\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== ATTENTION
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
Chrome StartupUrls => removed successfully
IhPul => service removed successfully
qkseeService => service removed successfully
WdMan => service removed successfully
winzipersvc => service removed successfully
C:\Program Files (x86)\qksee => moved successfully
C:\Users\Tom\AppData\Roaming\qksee => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee => moved successfully
C:\Program Files (x86)\WinZipper => moved successfully
C:\Windows\SysWOW64\en.html => moved successfully
C:\Windows\System32\Tasks\Browser Updater Task(Core) => moved successfully
C:\Users\Tom\AppData\Roaming\WinZiper => moved successfully
C:\Users\Tom\AppData\Roaming\TSv => moved successfully
C:\Users\Tom\AppData\Roaming\eCyber => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip => moved successfully
C:\ProgramData\dwinpd => moved successfully
C:\Program Files (x86)\QQBrowser => moved successfully
C:\Program Files (x86)\Hqationqwich => moved successfully
C:\Program Files (x86)\Druigh => moved successfully
C:\Program Files (x86)\Plsesh => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3632A33-C765-42A3-9736-777888104149}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3632A33-C765-42A3-9736-777888104149}" => key removed successfully
C:\Windows\System32\Tasks\Browser Updater Task(Core) => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Browser Updater Task(Core)" => key removed successfully
EmptyTemp: => 41.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:39:45 ====

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Requesting a check

#24 Post by altrok »

The junk we deleted in the last step appeared this morning - run AdwCleaner again (see below).

Save AdwCleaner to the desktop: https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just launch it with a double-click)
  • click Scan (Skenovani), then Cleaning (Cisteni)
  • after the restart a log will pop up (or you can find it at C:\AdwCleaner\AdwCleaner[Cx].txt); copy its contents into your next reply

imicro
Visitor
Posts: 83
Registered: 08 Jan 2008 16:28

Re: Requesting a check

#25 Post by imicro »

# AdwCleaner v5.117 - Logfile created 25/05/2016 at 17:53:59
# Updated 15/05/2016 by Xplode
# Database : 2016-05-23.3 [Server]
# Operating system : Windows 8.1 Pro (X64)
# Username : Tom - TS
# Running from : C:\Users\Tom\Desktop\adwcleaner_5.117.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\qkseeSvc
[-] Key Deleted : HKLM\SOFTWARE\qksee
[-] Key Deleted : HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\qksee
[-] Key Deleted : [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
[-] Key Deleted : HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3987 bytes] - [24/05/2016 12:34:08]
C:\AdwCleaner\AdwCleaner[C2].txt - [1367 bytes] - [24/05/2016 12:40:22]
C:\AdwCleaner\AdwCleaner[C3].txt - [3506 bytes] - [25/05/2016 17:53:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [4722 bytes] - [24/05/2016 12:32:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [4795 bytes] - [24/05/2016 12:33:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1262 bytes] - [24/05/2016 12:39:41]
C:\AdwCleaner\AdwCleaner[S4].txt - [3596 bytes] - [25/05/2016 17:53:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [3871 bytes] ##########

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Requesting a check

#26 Post by altrok »

Post fresh FRST.txt and Addition.txt logs.

imicro
Visitor
Posts: 83
Registered: 08 Jan 2008 16:28

Re: Requesting a check

#27 Post by imicro »

FRST LOG:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016
Ran by Tom (administrator) on TS (25-05-2016 18:00:57)
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available Profiles: Tom)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Synology Inc.) C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [Google Update] => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-03] (Google Inc.)
HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ 01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ 05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll [2016-04-19] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2016-05-25]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-2130369096-4029822526-2213145148-1001] => hxxp://unstops.biz/wpad.dat?4b90964ce06f5435cc00b0d76733567e10512187
Tcpip\Parameters: [DhcpNameServer] 147.229.37.10 147.229.37.11
Tcpip\..\Interfaces\{D30EDFC4-97BF-4971-920E-791A55E6BDC5}: [DhcpNameServer] 147.229.37.10 147.229.37.11
ManualProxies: 0hxxp://unstops.biz/wpad.dat?4b90964ce06f5435cc00b0d76733567e10512187

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Profiles\jvwpaues.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2130369096-4029822526-2213145148-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2130369096-4029822526-2213145148-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\lyz@zotero.org [not found]
FF Extension: No Name - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cjdsjbj3.default\extensions\zotero@chnm.gmu.edu.xpi [not found]
StartMenuInternet: FIREFOX.EXE - D:\_Tom\Programy\Mozilla\firefox.exe

Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxp://www.seznam.cz/?clid=13415
CHR StartupUrls: ChromeDefaultData -> "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxy0q4qOqRPdLMQ5814Ip_0Bcs96ceKxOJ3yAx3ac2A20wh1BTmHSKoac3d5DU0PKrFavIAzFxl1cPGixbg440pQsLkCnd8sKH-Ln2Ju87vPmwn5rVbntl2zC3PO29IJVaQ5afAlJNtFeJI,","hxxp://www.google.com/","hxxp://d2ucfwpxlh3zh3 ... mode=loadm"
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287240 2016-03-16] ()
S3 Disc Soft Lite Bus Service; D:\_Tom\Programy\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [41760 2015-07-14] (Microsoft)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-10-29] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-24] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 17:52 - 2016-05-25 17:52 - 03651136 _____ C:\Users\Tom\Desktop\adwcleaner_5.117.exe
2016-05-25 16:07 - 2016-05-25 16:07 - 01947195 _____ C:\Users\Tom\Desktop\Viry_forum.zip
2016-05-25 09:33 - 2016-05-25 17:39 - 00004566 _____ C:\Users\Tom\Desktop\Fixlog.txt
2016-05-24 22:45 - 2016-05-25 18:00 - 00013134 _____ C:\Users\Tom\Desktop\FRST.txt
2016-05-24 22:45 - 2016-05-25 17:13 - 00037094 _____ C:\Users\Tom\Desktop\Addition.txt
2016-05-24 22:44 - 2016-05-25 18:00 - 00000000 ____D C:\FRST
2016-05-24 22:43 - 2016-05-25 17:07 - 02382848 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2016-05-24 18:34 - 2016-05-24 18:34 - 00006930 _____ C:\Users\Tom\Desktop\rk_F965.tmp.txt
2016-05-24 18:34 - 2016-05-24 18:34 - 00006928 _____ C:\Users\Tom\Desktop\Viry forum.txt
2016-05-24 18:17 - 2016-05-24 18:17 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-05-24 18:16 - 2016-05-24 18:16 - 19867720 _____ C:\Users\Tom\Desktop\RogueKiller.exe
2016-05-24 18:16 - 2016-05-24 18:16 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-24 15:50 - 2016-05-24 15:50 - 00000000 ____D C:\rsit
2016-05-24 12:31 - 2016-05-25 17:53 - 00000000 ____D C:\AdwCleaner
2016-05-24 10:41 - 2016-05-24 10:41 - 00007605 _____ C:\Users\Tom\AppData\Local\Resmon.ResmonCfg
2016-05-17 15:59 - 2016-05-17 15:59 - 00000054 _____ C:\Users\Tom\Desktop\New Text Document.txt
2016-05-16 11:14 - 2016-05-25 15:45 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Thunderbird
2016-05-14 11:36 - 2016-05-14 11:36 - 00000517 _____ C:\Users\Tom\Desktop\dhl.txt
2016-05-11 06:13 - 2016-04-22 22:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 06:13 - 2016-04-22 22:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 06:13 - 2016-04-22 22:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 06:13 - 2016-04-22 22:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 06:13 - 2016-04-22 22:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 06:13 - 2016-04-22 22:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 06:13 - 2016-04-22 21:35 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 06:13 - 2016-04-22 21:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 06:13 - 2016-04-22 21:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-05-11 06:13 - 2016-04-22 21:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 06:13 - 2016-04-22 21:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 06:13 - 2016-04-22 21:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 06:13 - 2016-04-22 21:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 06:13 - 2016-04-22 21:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 06:13 - 2016-04-22 21:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 06:13 - 2016-04-22 21:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 06:13 - 2016-04-22 20:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 06:13 - 2016-04-22 20:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-05-11 06:13 - 2016-04-22 20:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 06:13 - 2016-04-22 20:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 06:13 - 2016-04-22 20:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 06:13 - 2016-04-22 20:51 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 06:13 - 2016-04-22 20:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 06:13 - 2016-04-22 20:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 06:13 - 2016-04-22 20:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 06:13 - 2016-04-22 20:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 06:13 - 2016-04-22 20:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 06:13 - 2016-04-11 08:21 - 00074584 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-05-11 06:13 - 2016-04-10 09:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 06:13 - 2016-04-10 09:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 06:13 - 2016-04-10 07:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 06:13 - 2016-04-10 06:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-11 06:13 - 2016-04-10 06:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 06:13 - 2016-04-10 06:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 06:13 - 2016-04-10 01:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 06:13 - 2016-04-10 00:07 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 06:13 - 2016-04-09 23:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-05-11 06:13 - 2016-04-09 23:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-05-11 06:13 - 2016-04-06 23:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-05-11 06:13 - 2016-04-06 23:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 06:13 - 2016-04-06 20:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 06:13 - 2016-04-06 20:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 06:13 - 2016-04-06 20:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 06:13 - 2016-04-06 19:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 06:13 - 2016-04-06 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 06:13 - 2016-04-06 18:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 06:13 - 2016-04-06 18:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 06:13 - 2016-04-06 18:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 06:13 - 2016-04-06 17:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 06:13 - 2016-03-31 08:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 06:13 - 2016-03-31 05:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 06:13 - 2016-03-29 03:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 06:13 - 2016-03-16 03:58 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 06:13 - 2016-03-16 03:58 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 06:13 - 2016-03-14 18:50 - 00316760 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-05-11 06:13 - 2016-03-12 02:49 - 02466136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-05-11 06:13 - 2016-03-12 02:47 - 00160160 _____ (Microsoft Corporation) C:\Windows\system32\IPHLPAPI.DLL
2016-05-11 06:13 - 2016-03-12 02:47 - 00121912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IPHLPAPI.DLL
2016-05-11 06:13 - 2016-03-10 19:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dsparse.dll
2016-05-11 06:13 - 2016-03-10 18:55 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-11 06:13 - 2016-03-10 18:52 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-05-11 06:13 - 2016-03-10 18:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsparse.dll
2016-05-11 06:13 - 2016-03-10 18:42 - 00413696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-11 06:13 - 2016-03-05 19:44 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-05-11 06:13 - 2016-03-05 19:04 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-05-11 06:13 - 2016-02-27 20:28 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-05-11 06:13 - 2016-02-27 19:57 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-05-11 06:13 - 2016-02-27 19:19 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-05-11 06:13 - 2016-02-27 18:32 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-04-28 10:50 - 2016-04-28 16:17 - 01421312 _____ C:\Users\Tom\Desktop\Untitled-1.indd
2016-04-28 10:50 - 2016-04-28 16:17 - 00064133 _____ C:\Users\Tom\Desktop\Untitled-1.pdf
2016-04-25 14:11 - 2016-04-25 14:12 - 00000814 _____ C:\Users\Tom\Desktop\seznam IP adres_25_4_2016.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 17:59 - 2015-09-03 08:49 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2130369096-4029822526-2213145148-1001
2016-05-25 17:58 - 2013-09-30 06:20 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-25 17:58 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2016-05-25 17:54 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-25 14:16 - 2016-02-12 13:49 - 00000000 ____D C:\Users\Tom\AppData\Local\Battle.net
2016-05-24 15:58 - 2015-09-03 08:38 - 00000000 ____D C:\Users\Tom\AppData\Local\Packages
2016-05-24 12:34 - 2016-03-03 12:47 - 00000700 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-24 12:34 - 2016-03-03 12:47 - 00000700 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00001207 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00001199 _____ C:\Users\Tom\Desktop\Google Chrome.lnk
2016-05-24 12:34 - 2015-09-03 08:46 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome
2016-05-24 12:34 - 2015-09-03 08:38 - 00000995 _____ C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 12:34 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-05-24 10:42 - 2016-03-02 16:37 - 00000000 ____D C:\Users\Tom\AppData\Local\CloudStation
2016-05-22 14:54 - 2015-09-03 08:55 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-05-20 14:14 - 2015-09-03 09:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-19 17:01 - 2015-10-20 15:40 - 00000000 ____D C:\Users\Tom\AppData\Roaming\Skype
2016-05-19 09:52 - 2015-12-28 23:37 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-18 02:52 - 2015-12-04 20:55 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-05-18 02:52 - 2015-12-04 20:55 - 00000971 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-05-15 03:18 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2016-05-14 11:38 - 2013-08-22 16:44 - 05323568 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-14 11:37 - 2015-09-09 13:48 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-14 11:37 - 2013-09-30 05:56 - 00000000 ____D C:\Windows\system32\Drivers\en-GB
2016-05-14 03:15 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2016-05-12 02:13 - 2015-09-07 09:23 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 02:13 - 2013-09-30 06:01 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 02:10 - 2015-09-07 09:23 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-12 02:10 - 2015-09-03 08:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-12 02:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-05-12 02:10 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-05-11 22:08 - 2013-08-22 17:38 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-11 22:08 - 2013-08-22 17:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 06:13 - 2016-04-13 08:13 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 06:13 - 2016-04-13 08:13 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 06:13 - 2016-04-13 08:13 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-05-11 06:13 - 2016-04-13 08:13 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 06:13 - 2016-04-13 08:13 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 06:13 - 2016-04-13 08:13 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-05-11 06:13 - 2016-04-13 08:13 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-05-11 03:38 - 2013-08-22 15:25 - 00000167 _____ C:\Windows\win.ini
2016-05-11 01:23 - 2015-09-03 09:03 - 00003922 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 01:23 - 2015-09-03 09:03 - 00003686 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 23:07 - 2015-09-03 08:46 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA
2016-05-10 23:07 - 2015-09-03 08:46 - 00003506 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core
2016-05-10 15:01 - 2015-09-03 09:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-07 04:29 - 2015-09-09 13:48 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-07 04:29 - 2015-09-09 13:48 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-03 17:19 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-02 13:41 - 2016-04-11 09:48 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-04-30 19:33 - 2015-10-20 15:40 - 00000000 ____D C:\ProgramData\Skype
2016-04-29 08:12 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-29 08:12 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2016-04-27 08:24 - 2015-09-03 09:03 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-27 08:24 - 2015-09-03 09:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2015-09-17 10:42 - 2015-09-17 10:45 - 0006842 _____ () C:\Users\Tom\AppData\Local\DTP Cloud Log.txt
2016-02-11 15:44 - 2016-02-11 15:44 - 0000723 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2016-05-24 10:41 - 2016-05-24 10:41 - 0007605 _____ () C:\Users\Tom\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\libeay32.dll
C:\Users\Tom\AppData\Local\Temp\msvcr120.dll
C:\Users\Tom\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-22 05:08

==================== End of FRST.txt ============================

ADDITION LOG:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016
Ran by Tom (2016-05-25 18:01:07)
Running from C:\Users\Tom\Desktop
Windows 8.1 Pro (Update) (X64) (2015-09-03 06:38:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2130369096-4029822526-2213145148-500 - Administrator - Disabled)
Guest (S-1-5-21-2130369096-4029822526-2213145148-501 - Limited - Disabled)
Tom (S-1-5-21-2130369096-4029822526-2213145148-1001 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.1.0.421 - Adobe Systems Incorporated)
Apollo 2015.2.0 (HKLM-x32\...\Apollo - Informační Centrum VUT_is1) (Version: - CVIS, VUT v Brně)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Daniel's XL Toolbox 6.60 (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\{BDE4805C-4A64-4C6D-8547-5B7DB885C65F}_is1) (Version: - Daniel Kraus)
doPDF (Version: 8.3.934 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{0ebed438-cc81-46f7-914b-a4c93d5780f2}) (Version: 8.3.934 - Softland)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.0.0.7072 - Thomson Reuters)
Genymotion version 2.5.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.2 - Genymobile)
Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
Google Chrome (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Google Chrome) (Version: 50.0.2661.102 - Spoločnosť Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
LyX 2.1.4 (HKLM-x32\...\LyX214) (Version: 2.1.4 - LyX Team)
Microsoft Office Language Pack 2013 - Czech/čeština (HKLM\...\Office15.OMUI.cs-cz) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 44.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 cs)) (Version: 44.0.2 - Mozilla)
Mozilla Firefox 45.0.1 (x86 cs) (HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\...\Mozilla Firefox 45.0.1 (x86 cs)) (Version: 45.0.1 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{0A1F1D6B-9780-4316-9902-437E9449FC7C}) (Version: 8.3.934 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{6E283717-7B3F-4E26-9D0A-917933ACF199}) (Version: 8.3.934 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{1CC99933-93FC-40BA-A3DD-286FB87CBF2F}) (Version: 8.3.934 - Softland)
novaPDF 8 SDK COM (x64) (HKLM\...\{A8A71610-DE04-4C9E-AE89-60BCA8E20453}) (Version: 8.3.934 - Softland)
novaPDF 8 SDK COM (x86) (HKLM-x32\...\{0FD5EC80-F729-442E-8745-F60315842D9B}) (Version: 8.3.934 - Softland)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.43.1001.2015 - Realtek)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0100-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{010BF41A-4D78-40C3-90BA-117DF64A0AE2}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SigmaPlot 11.0 (HKLM-x32\...\{B1A88375-BAB9-4081-B58F-A137FC6ED2A4}) (Version: 11.0 - Systat Software, Inc.)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Synology Cloud Station Drive (HKLM-x32\...\{1654A7C6-25A5-4BED-AABE-8A03E6BD3986}) (Version: 4.0.4203 - Synology)
TableCurve 2D v5.01 (HKLM-x32\...\TableCurve 2D v5.01) (Version: - )
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0405-1000-0000000FF1CE}_Office15.OMUI.cs-cz_{C224EEBF-D40A-4056-9DD3-EE74666F74AB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
WinZip (HKLM-x32\...\WinZip) (Version: 2.2.0 - Winzipper Pvt Ltd.) <==== ATTENTION
Zotero Standalone 4.0.28.7 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.28.7 (x86 en-US)) (Version: 4.0.28.7 - Zotero)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-2130369096-4029822526-2213145148-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tom\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E5052F4-BA24-4BC4-BB0C-B6FA92CF781E} - System32\Tasks\Wake From Sleep => C:\Program Files (x86)\TeamViewer\TeamViewer.exe [2016-05-12] (TeamViewer GmbH)
Task: {0F0A52B0-3DB7-4690-BB55-E833E8F5124F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {13EAA7FB-2D9D-470E-97B3-DCB14E250383} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-07-14] ()
Task: {288FC7AA-4E0E-4FED-B9C2-9AD31D2F080A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {3EADF9BD-EA38-4800-A860-E84FF14988D9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001Core => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {6163E9DC-3105-4775-B870-A92823CC6E40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {6DEDC162-0A17-4EED-A335-CC07D386E643} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {90ADB01F-5DED-4822-9543-06E94BCD27E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {9BFD7276-ED51-4A92-8420-E29C8C55B7A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {C51EEA82-C135-4D94-BED7-2DF8FC877B52} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2130369096-4029822526-2213145148-1001UA => C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {DAD841C9-B212-4EF7-AD83-9823DBABE5EC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-05-12] (Microsoft Corporation)
Task: {F008685D-4469-4A7E-86D3-D2408ACBC7ED} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-16 19:47 - 2016-03-16 19:47 - 00287240 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2015-07-14 12:34 - 2015-07-14 12:34 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2015-07-14 12:34 - 2015-07-14 12:34 - 00052512 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2015-07-14 12:34 - 2015-07-14 12:34 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01249280 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\icon-overlay\16\x64\ContextMenu.dll
2016-05-13 01:12 - 2016-05-11 13:48 - 01738904 _____ () C:\Users\Tom\AppData\Local\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 01:12 - 2016-05-11 13:48 - 00086168 _____ () C:\Users\Tom\AppData\Local\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-05-25 17:54 - 2016-05-25 17:54 - 00098816 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32api.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00110080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\pywintypes27.dll
2016-05-25 17:54 - 2016-05-25 17:54 - 00364544 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\pythoncom27.dll
2016-05-25 17:54 - 2016-05-25 17:54 - 00320512 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32com.shell.shell.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00776704 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\_hashlib.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 01176576 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\wx._core_.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00806400 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\wx._gdi_.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00816128 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\wx._windows_.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 01067008 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\wx._controls_.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00733184 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\wx._misc_.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00682496 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\pysqlite2._sqlite.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00088064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\_ctypes.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00119808 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32file.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00108544 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32security.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00007168 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\hashobjs_ext.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00017920 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\thumbnails_ext.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00088064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\usb_ext.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00167936 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32gui.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00018432 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32event.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00046080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\_socket.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 01208320 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\_ssl.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00128512 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\_elementtree.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00127488 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\pyexpat.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00012288 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\common.time34.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00038912 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32inet.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00036864 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\_psutil_windows.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00525208 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\windows._lib_cacheinvalidation.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00011264 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32crypt.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00077312 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\wx._html2.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00027136 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\_multiprocessing.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00020480 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\_yappi.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00035840 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32process.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00686080 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\unicodedata.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00078848 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\wx._animate.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00123392 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\wx._wizard.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00024064 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32pipe.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00010240 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\select.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00025600 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32pdh.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00017408 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32profile.pyd
2016-05-25 17:54 - 2016-05-25 17:54 - 00022528 ____R () C:\Users\Tom\AppData\Local\Temp\_MEI43722\win32ts.pyd
2016-04-19 16:41 - 2016-04-19 16:41 - 00123918 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01026062 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00524460 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 03036430 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 01798570 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00115214 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 03095505 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 21565192 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00712704 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00031744 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00046080 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00032768 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00516608 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00243200 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2016-04-19 16:41 - 2016-04-19 16:41 - 00431616 _____ () C:\Users\Tom\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2130369096-4029822526-2213145148-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 147.229.37.10 - 147.229.37.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: SwitchBoard => 3
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{87369E74-CCEB-4B90-A9D4-22DC1DD12163}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8DDE4C7D-6A13-43AE-B4FD-7A4272D17094}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{978F776B-6CDA-4BAE-B178-8AE08BB99774}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EAC00440-267F-4511-B6EB-A7BBE2BF1278}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{F6CFA9B0-C1D2-477D-9481-DF32777F33C0}] => (Allow) LPort=8501
FirewallRules: [{F9B729B9-CC68-4F91-9E19-9ADDA42F57FC}] => (Allow) LPort=8501
FirewallRules: [{DF018E53-FEFE-4F65-8A7A-96D15FE871C9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F71B25DC-8643-49C8-AE9E-0DFA88A1DEC2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5EE3DEC3-9790-42B2-9BA9-ED248D1A9C23}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A8BCD122-23B5-4701-BC0C-D6B74F2775F4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{F248EC43-80A8-4D78-9828-4F6A926ADD84}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AAD5C9EE-757A-41BB-8121-DDCB74440F7F}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{73F470E3-BFB3-4539-8B53-8DDB25E0FFB4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B3B4B29B-862F-479F-8A1B-C9900D811817}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4C0A44A1-0B7D-4112-AF32-DE8DFC76DBF6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9EE2DF36-CD16-454E-846D-9535F14B090F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{078EC3CE-1F3E-40ED-B850-A1564D6501E9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{68909BC6-1D3D-40E6-914A-1A35D3B027E0}D:\_tom\hs\hearthstone\hearthstone.exe] => (Allow) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{78FB3809-555E-457C-B44A-27490B47DF89}D:\_tom\hs\hearthstone\hearthstone.exe] => (Allow) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{12FE973F-DA71-42BE-8384-478FB90CEB98}] => (Block) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{3D891F1F-31FC-4C53-91C6-F44B658EFF75}] => (Block) D:\_tom\hs\hearthstone\hearthstone.exe
FirewallRules: [{63AFEE85-04E9-4D5D-87C5-527DCE38D9BD}] => (Allow) D:\_Tom\Programy\Mozilla\firefox.exe
FirewallRules: [{1E2DE8F6-00BE-4A98-985B-49EED3036B6A}] => (Allow) D:\_Tom\Programy\Mozilla\firefox.exe
FirewallRules: [TCP Query User{E4ABEE25-75C0-483A-8D4A-09CD12F4A44F}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{05F4C41E-39C9-4B77-96AC-060216858EC4}C:\users\tom\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\tom\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{6670D738-F151-46BB-BBE6-93234B2EDC94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7EEF886B-821E-4EE7-8689-E0E221FAEE4D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B795D14-8B41-4BF9-A1A8-9A561705BD3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AE4936FE-F1F3-49E9-92AD-45D375541D50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

11-05-2016 03:37:14 Windows Update
18-05-2016 05:13:59 Scheduled Checkpoint
25-05-2016 17:08:30 Restore Point Created by FRST
25-05-2016 17:39:42 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2016 05:39:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/25/2016 05:39:42 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b654268d-6037-46b1-809c-119b10754ca3}

Error: (05/25/2016 05:08:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/25/2016 05:08:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0e1768d7-a7a2-4e8e-a619-30135fdb779a}

Error: (05/20/2016 03:07:20 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/19/2016 03:52:11 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/18/2016 05:14:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/13/2016 05:06:46 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/12/2016 02:09:40 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: The volume Rezervováno systémem was not optimised because an error was encountered: The parameter is incorrect. (0x80070057)

Error: (05/11/2016 03:37:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (05/25/2016 05:53:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/25/2016 05:53:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The novaPDF Server service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:53:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cloud Station Drive VSS Service x64 service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:53:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Genuine Software Integrity Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:53:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/25/2016 05:53:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (05/25/2016 05:39:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%1069

Error: (05/25/2016 05:39:49 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/25/2016 05:39:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/25/2016 05:39:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WFini WdMan Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 6%
Total physical RAM: 32630 MB
Available physical RAM: 30616.56 MB
Total Virtual: 37494 MB
Available Virtual: 35287.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:152.78 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:905.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 7488BAC0)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 61AA9518)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#28 Post by altrok »

The active malware has been removed, but Chrome still cannot be fully cleaned. I recommend backing up your bookmarks and passwords, e.g. using http://www.stahuj.centrum.cz/internet_a ... me-backup/, then uninstalling Chrome including its profile and performing a clean installation.
And if there are no questions or other problems, that is all from me.

imicro
Visitor
Posts: 83
Registered: 08 Jan 2008 16:28

Re: Please check

#29 Post by imicro »

The bookmarks and passwords should be backed up in my Google profile, since I sign in to Chrome with Gmail. But all right, I will reinstall. Thank you very much.

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Please check

#30 Post by altrok »

You're welcome, glad I could help :worship:


Take care, and maybe see you again sometime :bye:

Locked